August 26, 2010

445 words 3 mins read

WebDAV Client – Windows 7

Since I’ve already got Linux & OSX talking to my LDAP/WebDAV enabled Apache, I needed to finish my trifecta… Windows. Specifically, Windows 7. I had heard that it is possible to map WebDAV shares as network drives, just like you would with Samba. Of course, what you hear, what you hope for, and what Windows actually lets you do aren’t always the same (and usually ends with pain).

I had read somewhere that “Map Network Drive” was supposed to work with WebDAV in much the same way as in OSX.  I tried it out, but it never seemed to work.  I spent quite a while googling about for instructions that would work and eventually landed upon a

semi-promising article that mentioned the need to install the “Software Update for Web Folders (KB907306)".  Cool! Maybe that was all I was missing. I gave the update a shot, and a reboot later I was ready to WebDAV…

Of course it didn’t work.  That update does allow you to put in URLs directly into “Map Network Drive” rather than having to go into the more hidden “Connect to a website…” option.  Even still, I couldn’t connect to my WebDAV share. I saw the connection attempts on the Apache logs, but Windows kept telling me it wasn’t a valid share (Liars!).  After some more research, I found a post that said that the WebDAV connector didn’t allow ‘basic’ authentication, but you could fix that with a registry hack.  This time I knew better than to get my hopes up… which was a good thing, because it didn’t work either.

After still more research, I found the answer.  Microsoft’s WebDAV client only supports the use of ‘digest’ authentication.  I almost never use digest authentication, even though it is technically superior, simply because it is not well supported.  Any time you need “secure” authentication, you use SSL.  In the interest of being sure, I switched my authentication on the WebDAV share from ‘basic’ to ‘digest’… TADA… Windows 7 worked with WebDAV.

Of course, there is one CRITICAL flaw, I’m doing this against an LDAP back-end.  You cannot mix ‘digest’ authentication and LDAP.  The short reason is that because digest hashes the password before sending it (where basic sends the password clear text), and that hash is not compatible with your LDAP password hashes. It makes sense, and is nether LDAP’s nor Apache’s fault for not working.  The reality is that it is dumb (and typical) of Microsoft.

In summary: You cannot have Windows 7 natively talk to a ‘basic’ authentication WebDAV share, Period.  You can use Windows 7 native WebDAV with ‘digest’ authentication only, but that prevents you from using LDAP.

apache authentication basic digest LDAP map network drive WebDAV windows 7

Samba and LDAP DO NOT MIX

August 18, 2010

Recently I was tasked with helping a company implement a centralized authentication system, and they wanted to go all open source. This isn’t unreasonable in my book, though it is a little unusual. Of course the words “Open Source Authentication” directly translates to LDAP, the only question is which LDAP software you’re going to use. There are a number of options including OpenLDAP (slapd), Fedora Directory Server (389), OpenDS, Apache Directory Server, and a handful of smaller projects. On top of the LDAP directory they wanted me to add a number of services including email and file sharing. This is the story of how Samba sucks…

Apache + WebDav + LDAP = Pure Bliss

August 20, 2010

As I discussed previously, I got fed up with Samba file sharing (when trying to use LDAP) and went to the joy that was WebDAV. As it turned out, it is extremely easy to get LDAP authentication on Apache and combine that with WebDAV; today I’ll show you how.

WebDAV Clients – Linux & OSX

August 25, 2010

After getting LDAP, Apache & WebDAV working together in perfect harmony, I needed to get clients accessing the “shares” I was setting up. Fortunately Linux & OSX make this extremely easy. Windows… is another story, a story which can only be told… tomorrow.