|
Home > Archive > Apache Server configuration support > May 2006 > virtual users with external authentication and mod_dav
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
virtual users with external authentication and mod_dav
|
|
| RogerMLondon 2006-05-22, 1:16 pm |
| I have an ssl enabled webdav apache 2.2 server that is working and
configured as shown in the snips from our ssl.conf file below;
I am using external authentication courtesy of mod_authnz_external and
the WEBDAV_auth.pl script basically uses a SOAP::Lite call to
authenticate the user against a range of external services.
It all works fine. I should stress that I only setup the server today,
so I'm not a huge webdav expert. I'm not a huge apache expert either
although I can cope with writing custom authentication stuff etc.
BUT
What I'd like to do is be able to restrict users to just seeing their
own webdav folders and not just the whole webdav filesystem.
At present the webdav fs is reached via https://myserver/webdav at
which point they have to log in. This is fine but they can access
everyones folders.
I guess I could do this with a load of <directory> sections that are
specific to each user and then have a require specific user
authentication statement, however I sense that isn't the most flexible
solution and in any case I'll have to write a script to dynamically
change the ssl.conf as new users are added and whilst I'm happy to do
that, I can't help feeling that my question is a common one for people
establishing webdav servers and that there must be a better way. My
hours of googling have failed to find anything but I suspect an Apache
expert could come to my rescue ...
Any clues?
Thanks in advance
Roger
------------------------------------------
ssl.conf snippets below;
AddExternalAuth myexternalauth /var/www/perl/WEBDAV_auth.pl
SetExternalAuthMethod myexternalauth pipe
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "Microsoft Data Access Internet Publishing Provider"
redirect-carefully
BrowserMatch "Microsoft-WebDAV-MiniRedir/5.1.2600" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS" redirect-carefully
Alias /webdav "/mnt/snap/dav"
DAVLockDB /var/run/webdav/DavLock
DAVMinTimeout 600
<Directory /mnt/snap/dav>
DAV on
AllowOverride None
Options None
AuthType Basic
AuthName "User File Store"
AuthBasicProvider external
AuthExternal myexternalauth
Require valid-user
</Directory>
ProxyPass /webdav !
| |
| RogerMLondon 2006-05-22, 1:16 pm |
| Ah ha, answered my own question.
The solution was to use $ENV{'URI'} to look for the folder that the
user has requested, this can then be authenticated in the external
script etc.
Roger
|
|
|
|
|