Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
UNICEF

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 66 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  

HOWTO Home

Current HOWTO: Apache-WebDAV-LDAP-HOWTO


WebDAV server management

5. WebDAV server management

In this section we will discuss about the various management task - e.g. using LDAP for access control, and working with DAV method on Apache

Most of the configuration changes for the DAV will have to done using the httpd.conf file. This file is located at /usr/local/apache/conf/httpd.conf

httpd.conf is a text based configuration file that Apache uses. It can b editted using any text editor - I preffer using vi. Please make backup copy of this file, before changing it.

After making changes to the httpd.conf the Apache server has to be restarted using the /usr/local/apache/bin/apachectl restart command. However before restarting you test for the validity of the httpd.conf by using the /usr/local/apache/bin/apachectl configtest comand.

5.1. Restricting access to DAV shares

In the previous section when we created the DAVtest share, we used the LDAP for authentication purposes. However anyone who can authenticates using their LDAP useri/passwd will be able to access that folder.

Using the require directive in the httpd.conf file, we can limit access to certain individuals or groups of individuals.

If we look at the DAVtest configuration from the previosu section:


  <Directory /usr/local/apache/htdocs/DAVtest>
  Dav On
  #Options Indexes FollowSymLinks

  AllowOverride None
  order allow,deny
  allow from all
  AuthName "LDAP_userid_password_required"
  AuthType Basic
  <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
  Require valid-user
  </Limit>
  LDAP_Server ldap.server.com
  LDAP_Port 389
  Base_DN "o=ROOT"

  UID_Attr uid
  </Directory>
We see that the require is set to valid-user. Which means any valid authenticated user has access to this folder.

5.1.1. Restricting access based on Individual UID(s)

LDAP UID can be used to restrict access to DAV folder.

require valid-user directive can be changed to require user 334455 445566

This will restrict access to individuals with UID 334455 and 445566. Anyone else will not be able to access this folder.

5.1.2. Restricting access based on groups of individuals.

require can also be used to restrict access to groups of individuals. This can be either done using LDAP groups or LDAP filters. The filter must be valid LDAP filter syntax.

5.2. Restricting write access to DAV shares

It maybe be required that the editting for the resources on the DAV shares be restricted to certain individual, however anyone can view the resources. This can be easily done using the <Limit> tags in the httpd.conf file


  <Directory /usr/local/apache/htdocs/DAVtest>
  Dav On
  #Options Indexes FollowSymLinks

  AllowOverride None
  order allow,deny
  allow from all
  AuthName "LDAP_userid_password_required"
  AuthType Basic
  <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
  Require valid-user
  </Limit>
  LDAP_Server ldap.server.com
  LDAP_Port 389
  Base_DN "o=ROOT"

  UID_Attr uid
  </Directory>

You restrict write access to certain individuals by changing the <limit> to


  <Limit PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
  Require 334455
  </Limit>

Basically we are limiting the PUT POST DELETE PROPPATH MKCOL COPY MOVE LOCK and UNLOCK to an individual who has the UID of 334455. Everone else will be able to use the methods GET and PROPFIND on the resources, but not any other method.


The Linux Tutorial completely respects the rights of authors and artists to decide for themselves if and how their works can be used, independent of any existing licenses. This means if you are the author of any document presented on this site and do no wish it to be displayed as it is on this site or do not wish it to be displayed at all, please contact us and we will do our very best to accommodate you. If we are unable to accommodate you, we will, at your request, remove your document as quickly as possible.

If you are the author of any document presented on this site and would like a share of the advertising revenue, please contact us using the standard Feedback Form.


  




Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
You can help in many different ways.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.11 Seconds