saqib@seagate.com
Revision History

| Revision | Date | Revised by | Description |
|---|---|---|---|
| v3.1 | 2002-04-11 | sa | Updated the introduction section |
| v3.0 | 2002-04-09 | sa | Added "Implementing and using SSL to secure WebDAV traffic" section |
| v2.1 | 2002-03-24 | sa | Refined the WebDAV Introduction and SSL section. |
| v2.0 | 2002-03-20 | sa | Added the SSL section |
| v1.1 | 2001-11-29 | sa | Initial public release. |
| v1.0 | 2001-11-01 | sa | Initial public release. |
WebDAV Support and Discussion Forum
This document is not a HOWTO on setting up an LDAP server. For setting up an LDAP server, please visit http://www.linuxdoc.org/HOWTO/LDAP-HOWTO-1.html
This document is Copyright 2001 by Saqib Ali. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html
The tools needed to achieve this objective are:
NOTE: All of these packages are free and are available for download on the net.
We will compile all the above-mentioned packages to produce binaries for the web server. The WebDAV and LDAP modules will be compiled statically into Apache. Static compilation results in faster execution times. Apache was chosen because it is the most versatile web server ever to exist. Market Shares for Top Web Servers shows that Apache has the largest web server market share.
Apache is also being used by:
This document assumes that you have the following already installed on your system.
gcc and GNU make - available from http://www.gnu.org
The document also assumes there is an LDAP server installed elsewhere which will be used for the authentication.
If you have any questions about the information available on this document, please contact me on the following email address: saqib@seagate.com
If you have comments and/or suggestions, please let me know as well!
Please download the following packages.
OpenLDAP (for LDAP lib files)
mod_dav (Apache module for WebDAV)
mod_ldap (LDAP module for LDAP)
OpenSSL (SSL engine for creating/managing certificates)
mod_ssl (SSL module for Apache)
To compile the WebDAV service with LDAP authentication capability, we will need to have the LDAP library files installed on the machine. The LDAP library files will be used to compile the LDAP module for Apache. The best way to get the LDAP library files is to download the OpenLDAP source code from http://www.openldap.org and compile it to produce the required library files. You may use any other LDAP implementation, such as IPlanet, as well, but I recommend an open source solution.
Become root by using the su command:
$ su

# cd /tmp/download
# gzip -d openldap-stable-xxxxxxx.tar.gz
# tar -xvf openldap-stable-xxxxxxx.tar
# cd openldap-x.x.xx

# ./configure --disable-slapd
After you are done with configuring, you can make the dependencies for the openldap package:
# make depend
After making the dependencies the openldap package needs to be compiled. Use the make command:
# make

# make install
Now change to the directory where you placed the OpenSSL source code files:

# cd /tmp/download
# gzip -d openssl.x.x.gz
# tar -xvf openssl.x.x
# cd openssl.x.x
# make
# make test
# make install

# cd /tmp/download
# gzip -d apache_1.x.x.tar.gz
# tar -xvf apache_1.x.x.tar
# cd apache_1.x.x
# ./configure --prefix=/usr/local/apache

# cd /tmp/download
# gzip -d mod_dav-1.x.x.tar.gz
# tar -xvf mod_dav-1.x.x.tar
Change to the NEW directory which was created during the extract:
Now configure the mod_dav package for static linking to Apache:
# ./configure --with-apache=/tmp/download/apache_1.x.x
Change back to the temp download directory, and extract the mod_auth_ldap files:
# cd /tmp/download
# gzip -d mod_auth_ldap.tar.gz
# tar -xvf mod_auth_ldap.tar
Now install the modauthldap files to the Apache source tree:
# cd apache_x.x.x
# mv ../modauthldap ./src/modules/ldap
# cd /tmp/download
# gzip -d mod_ssl-2.x.x.tar.gz
# tar -xvf mod_ssl-2.x.x.tar
# cd mod_ssl-2.x.x
# ./configure --with-apache=../apache_1.3.x.x
Finally we have reached the destination. But not yet.......
"The Journey is the Destination" (Jerry Garcia of Grateful Dead)
Now we are ready to compile and install Apache with WebDAV and LDAP authentication for DAV.
Change back to the temp download directory:
Change to the Apache tree directory:
Now set the variable SSL_BASE to the OpenSSL lib files. On tcsh it will be as follows:
# setenv SSL_BASE /tmp/download/openssl-0.9.x
This will tell the compiler where to find the SSL library files.
And now configure apache for the compilation with mod_dav, mod_auth_ldap, and mod_ssl:
# ./configure --prefix=/usr/local/apache \
    --enable-module=ssl \
    --activate-module=src/modules/ldap/mod_auth_ldap.c \
    --activate-module=src/modules/dav/libdav.a \
    --enable-shared=ssl [...you can add more options here...]
Now compile Apache and install it into the appropriate place:
Now create the SSL certificate on the web server:
# make certificate TYPE=custom
Now for the easy part. In this section we will WebDAV enable a directory under Apache root.
Please verify that the following Apache directive appears in /usr/local/apache/conf/httpd.conf:
AddModule mod_dav.c

DAVLockDB /usr/local/apache/var/DAVLock

# ps -ef | grep httpd

# cd /usr/local/apache
# mkdir var
# chmod -R 755 var/
# chown -R nobody var/
# chgrp -R nobody var/

DAV On
This directive will enable DAV for the directory and its sub-directories.

<Directory /usr/local/apache/htdocs/DAVtest>
Dav On
#Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthName "username_and_passwd_required"
AuthType Basic
<Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require valid-user
</Limit>
LDAP_Server your.ldap.server.com
LDAP_Port 007
Base_DN "o=ROOT"
UID_Attr uid
</Directory>

# ps -ef | grep httpd
Create a test directory called 'DAVtest' under /usr/local/apache/htdocs :
# mkdir /usr/local/apache/htdocs/DAVtest
# cd /usr/local/apache/htdocs
# chmod -R 755 DAVtest/
# chown -R nobody DAVtest/
# chgrp -R nobody DAVtest/
# /usr/local/apache/bin/apachectl configtest
If you get error messages please verify that you followed all of the above mentioned steps correctly. If you can not figure out the error message feel free to email me with the error message (saqib@seagate.com).
If the configtest is successful start the apache web-server:
# /usr/local/apache/bin/apachectl restart
Now you have a WebDAV-enabled Apache server with LDAP authentication.
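The following shell function is an added example, not part of the original HOWTO or of Apache. It lints DAV-enabled <Directory> blocks like the DAVtest block above and reports DAV write methods that no Require covers, as well as AuthType Basic used without mod_ssl's SSLRequireSSL directive, which the HOWTO's block does not set. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HOWTO): lint DAV-enabled <Directory> blocks.

# audit_dav_conf FILE prints one finding per line for each block with "Dav On":
#   - a DAV write method that no Require applies to
#   - AuthType Basic without SSLRequireSSL (password sent in cleartext over HTTP)
audit_dav_conf() {
    awk '
    BEGIN { n = split("PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK", W, " ") }
    { low = tolower($0); sub(/^[ \t]+/, "", low) }
    low ~ /^#/ { next }                          # skip commented-out directives
    low ~ /^<directory[ \t]/ {                   # new block: reset state
        dir = $2; sub(/>$/, "", dir)
        dav = basic = ssl = all = inlim = 0; covered = " "; next
    }
    low ~ /^dav[ \t]+on/         { dav = 1 }
    low ~ /^authtype[ \t]+basic/ { basic = 1 }
    low ~ /^sslrequiressl/       { ssl = 1 }
    low ~ /^<limit[ \t]/ {                       # remember the methods this <Limit> names
        inlim = 1; cur = toupper($0); gsub(/[<>]/, " ", cur); next
    }
    low ~ /^<\/limit>/ { inlim = 0 }
    low ~ /^require[ \t]/ {                      # inside <Limit>: only those methods;
        if (inlim) covered = covered cur " "     # outside: every method
        else all = 1
    }
    low ~ /^<\/directory>/ && dav {
        for (i = 1; i <= n; i++)
            if (!all && index(covered, " " W[i] " ") == 0)
                print dir ": " W[i] " is not behind Require"
        if (basic && !ssl) print dir ": AuthType Basic without SSLRequireSSL"
    }' "$1"
}

# Constructed sample: the auth-related lines of the DAVtest block from this HOWTO.
sample_conf() {
    cat <<'EOF'
<Directory /usr/local/apache/htdocs/DAVtest>
Dav On
AuthName "username_and_passwd_required"
AuthType Basic
<Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require valid-user
</Limit>
</Directory>
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_dav_conf "$tmp"; rm -f "$tmp"
```

Run it against the real httpd.conf with: audit_dav_conf /usr/local/apache/conf/httpd.conf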
If you have any questions, suggestions, recommendations, kudos, comments, or complaints, please email them to me (saqib@seagate.com).
Note: Please feel free to contact me if you encounter any problems installing Apache or any of the modules, or if you would like to upgrade your existing Apache server to support WebDAV.
This HOWTO discusses HTTP over SSL, or simply HTTPS. For more information about POP/IMAP/LDAP over SSL, please visit http://www.stunnel.org. Or if you are looking for a commercial product, look into IPlanet for LDAP and Netscape for IMAP and POP.

# apachectl startssl
Apache/1.3.23 mod_ssl/2.8.6 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server your.server.dom:443 (RSA)
Enter pass phrase:
First make a copy of the encrypted key:
# cp server.key server.key.cryp

# /usr/local/ssl/bin/openssl rsa -in server.key.cryp -out server.key
read RSA key
Enter PEM pass phrase:
writing RSA key

One way to secure the decrypted private key is to make it readable only by root:
# chmod 400 server.key
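Once the pass phrase is removed, file permissions are the only protection the key has at rest. The following added example (not part of the original HOWTO) reports whether a key file is still pass-phrase protected and, if not, whether group or other have any access to it. The function names and the PEM skeletons are constructed for illustration and contain no key material.

```shell
#!/bin/sh
# Added example (not from the HOWTO): check server.key after the pass phrase is removed.

# Octal permission bits, zero-padded to three digits (GNU stat first, then BSD stat).
key_mode() {
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    printf '%03d\n' "$m"
}

# True while the PEM file is pass-phrase protected: the traditional format carries
# "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses an "ENCRYPTED PRIVATE KEY" label.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# audit_key FILE prints one verdict; the return code is non-zero for exposed/missing:
#   encrypted  the pass phrase still protects the key at rest
#   ok         plaintext key, no permission bits for group or other
#   exposed    plaintext key that group or other can access
audit_key() {
    [ -f "$1" ] || { echo missing; return 2; }
    if key_is_encrypted "$1"; then echo encrypted; return 0; fi
    case "$(key_mode "$1")" in
        *00) echo ok ;;
        *)   echo exposed; return 1 ;;
    esac
}

# Constructed PEM skeletons (headers only, no key material) standing in for
# server.key.cryp and the decrypted server.key, both created world-readable.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' '-----END RSA PRIVATE KEY-----' \
        > "$1/server.key.cryp"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '-----END RSA PRIVATE KEY-----' \
        > "$1/server.key"
    chmod 644 "$1/server.key" "$1/server.key.cryp"
}

d=$(mktemp -d); make_samples "$d"
audit_key "$d/server.key.cryp"; audit_key "$d/server.key" || true
chmod 400 "$d/server.key"; audit_key "$d/server.key"
rm -rf "$d"
```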