Difference between revisions of "Talk:Mod dav"
From SME Server
Jump to navigationJump to search| Line 2: | Line 2: | ||
=== Windows Web Folders Client === | === Windows Web Folders Client === | ||
* After modifying 95Addmod_dav2ibays to require auth only for write functions, Windows XP Web Folders (My Network Places) started randomly popping up a message asking for a client certificate. I could find no server setting to get this to stop, but did find several mentions online about this issue. I finally downloaded the "web folders update 12" from http://www.microsoft.com/downloads/details.aspx?FamilyID=17c36612-632e-4c04-9382-987622ed1d64&DisplayLang=en (even though my workstation is running XP Professional SP3) | * After modifying 95Addmod_dav2ibays to require auth only for write functions, Windows XP Web Folders (My Network Places) started randomly popping up a message asking for a client certificate. I could find no server setting to get this to stop, but did find several mentions online about this issue. I finally downloaded the "web folders update 12" from http://www.microsoft.com/downloads/details.aspx?FamilyID=17c36612-632e-4c04-9382-987622ed1d64&DisplayLang=en (even though my workstation is running XP Professional SP3) | ||
| + | |||
| + | * Followup: the "web folders" update did *not* solve the problem - WebDAV works from Windows XP using "My Network Places", but users will get random requests to select a client certificate. When asked, the user can click either "OK" or "Cancel", and will then be allowed to open the selected item. | ||
| + | |||
=== Changes to 95Addmod_dav2ibays === | === Changes to 95Addmod_dav2ibays === | ||
<nowiki>--- ../95Addmod_dav2ibays 2009-05-30 08:37:53.000000000 -0400 | <nowiki>--- ../95Addmod_dav2ibays 2009-05-30 08:37:53.000000000 -0400 | ||
Revision as of 14:18, 1 June 2009
30 May 2009
Windows Web Folders Client
- After modifying 95Addmod_dav2ibays to require auth only for write functions, Windows XP Web Folders (My Network Places) started randomly popping up a message asking for a client certificate. I could find no server setting to get this to stop, but did find several mentions online about this issue. I finally downloaded the "web folders update 12" from http://www.microsoft.com/downloads/details.aspx?FamilyID=17c36612-632e-4c04-9382-987622ed1d64&DisplayLang=en (even though my workstation is running XP Professional SP3)
- Followup: the "web folders" update did *not* solve the problem - WebDAV works from Windows XP using "My Network Places", but users will get random requests to select a client certificate. When asked, the user can click either "OK" or "Cancel", and will then be allowed to open the selected item.
Changes to 95Addmod_dav2ibays
--- ../95Addmod_dav2ibays 2009-05-30 08:37:53.000000000 -0400
+++ 95Addmod_dav2ibays 2009-05-30 11:32:12.000000000 -0400
@@ -24,10 +24,11 @@
$OUT .= " IndexOptions FancyIndexing IconsAreLinks\n\n";
if ($properties{'Group'})
{
- $OUT .= " AuthName \"$key\"\n";
+ $OUT .= " AuthName ".$properties{'Name'}."\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n\n";
- # Save groupname and find it in the group list
+ $OUT .= " <LimitExcept GET POST PROPFIND OPTIONS CONNECT>\n\n";
+ # Save groupname and find it in the group list
$iBayGroup = $properties{'Group'};
foreach my $group ($adb->groups)
{
@@ -42,8 +43,8 @@
{
# need to break user list on commas then output each one...
my @values = split(',',$groupprops{'Members'});
- $OUT .= " # Replace ibay name with any valid group member to validate\n";
- $OUT .= " Require user ";
+ $OUT .= " # Replace ibay name with any valid group member to validate\n";
+ $OUT .= " Require user ";
foreach my $val (@values) {
$OUT .= $val . " ";
}
@@ -59,10 +60,7 @@
}
}
# Ensure only valid users get to do stuff...
- $OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\n\n";
- $OUT .= " Allow from all\n";
- $OUT .= " Require valid-user\n\n";
- $OUT .= " </Limit>\n\n";
+ $OUT .= " </LimitExcept>\n\n";
$OUT .= "</Directory>\n";
}
}
Older Notes
I was about to add the following to the article, but there seem to be some problems w/ the ibay support. (I'm putting this here so I don't lose my work).
Problems:
- the current ibay script does not set any "AuthName", so the ibays fail if you enable WebDav
- The group auth logic doesn't seem to work - it is based on the groups listed in 'db accounts' as groups - so there doesn't seem to be an easy way to authenticate using the ibay username and password (you have to create an empty group, then assign the ibay to that group using server-manager, which doesn't feel very intuitive to me...)
DAV Enabled Ibays
smeserver-mod_dav now provides dav-enabled i-bays (at least as of smeserver-mod_dav-0.1-15.el4.sme).
You can enable
| Command | Apache Directive | Effect | notes |
|---|---|---|---|
| db accounts setprop ibayname ModDav enabled | [DAV On] | Enable DAV for ibayname. | If the ModDav property does not exist, or if it has any value other than "enabled", DAV is not enabled for this ibay. |
| db accounts setprop ibayname ModDav-FileETag "some values" | [FileETag] | Controls the FileEtag directive for ibayname. | Read more at http://httpd.apache.org/docs/2.2/mod/core.html#fileetag |
| db accounts setprop ibayname Group groupname | [Require-user] | Authentication | If groupname exists (in the accounts database) and has members, add all current members of the specified group as authorized users. If groupname has no members (which is the case if you select the ibayname as the group name), set ibayname as the only authorized user. If this keyword does not exist, then any local SME user can access ibayname using their own username and password. |
Mmccarn 13:40, 16 September 2008 (UTC)
Text removed from the article:
This contrib can be found in the SME Dev repository. To install this contrib get shell access as root user and issue the following command:
yum install smeserver-mod_dav --enablerepo=smedev
Mmccarn 08:05, 20 November 2007 (MST)
