Setup WebDAV Server

Introduction

Since version 3.2.3, AjaXplorer now comes bundled with a fully function webDAV server, thus allowing to access to the repository via this http-based method, through a very wide variety of clients : windows « web folders », linux or mac network drives, etc. You can setup a webDAV server directly using Apache, but the great advantage of using AjaXplorer embedded server is that AjaXplorer rights will be applied via webdav : a user will have access only to the repository he is allowed to read or write.

Please beware that this document intends to setup AjaXplorer as a webdav SERVER, not a client. If what you are looking for is accessing a set of documents stored on a remote webDAV server with AjaXplorer, see the access.webdav plugin.

WebDAV feature requirements & activation

This feature is based on a PHP implementation of the webDAV protocol (using ezComponent library), thus there is no need to activate webDAV in the server itself (apache, iis, etc). The first requirement is the PHP library mcrypt (to store the passwords in a secure way), but it’s a more generic requirement of AjaXplorer already. Second requirement is that your server must support some kind of Rewriting rules, namely the RewriteEngine for Apache (any input of implementing the same on IIS are welcome!).

WebDAV URLs in AjaXplorer

A manuel configuration is necessary for activating the webDAV access point : edition of the root .htaccess of AjaXplorer. This one is described for Apache, equivalent values will have to be set for other servers (any contributions welcome on this!!). To understand the configurations, lets explain how this will work : your AjaXplorer is installed on a server http[s]://yourdomain.com, inside the folder files for example. Normal web access is then http://yourdomain/files/. What we’ll do is create a « virtual » folder that will be the root of all DAV urls. By default, this is called « shares », but you can change it. On this basis, any repository will be accessible (by an accredited user of course) at the following url : http://yourdomain.com/files/shares/repository_id or
http://yourdomain.com/files/shares/repository_alias. (« Alias » is a repository property also introduced in version 3.2.3, to avoid handling the 32 characters repository ids).

The .htaccess file (or equivalent)

The virtual folder will in fact be handled by the .htaccess file. Its role is to redirect all queries to this folder to the root script dav.php. Thus the .htaccess file contains the following directives :

1<IfModule mod_rewrite.c>
2RewriteEngine on
3RewriteBase /files
4RewriteCond %{REQUEST_FILENAME} !-f
5RewriteCond %{REQUEST_FILENAME} !-d
6RewriteRule ^shares ./dav.php [L]
7</IfModule>

As you already have understood, the two bolded words are the ones that you have to customize for your distribution : /files = the root of your installation, shares = the virtual folder name you want to use.

AjaXplorer configuration

The WebDAV configurations are configurable directly via the gui (for v4 and later). You’ll find them in the Settings section, under Global Configurations > Core Configs > AjaXplorer Core, there is a « WebDAV Server » header.

Options are described below:

  • Enable WebDAV : totally enable or disable the webdav feature. false by default.
  • Shares URI : the exact mirror of the previous .htaccess configs : path to the virtual directory, thus something like « /files/shares ». Make sure to start with a slash, and end without slash.
  • Digest Realm : used for the digest authentification, and to store the webdav password encoded. Thus, if you want to change this, change it the very first time you install the feature, otherwise you’ll have to ask the users to re-enter their password.
  • [Shares Host] : this is optional, as it should be automatically detected by default ( something like http[s]://www.yourdomain.com ), but it can be useful to force it if a server can be accessed in various ways (like localhost / 192.168.0.xx).

Per-user activation and authentication

Once the webDAV is globally activated, each user will still have to manually activate it for his/her account, re-typing the password that will be used for webdav authentication. This is not very handy i admit, but unfortunately it is really necessary, as the webDAV authentication mechanism implies either knowing the password in its clear form (basic) or in its encoded form (digest), in the latter case using a different algorithm than the one used by AjaXplorer. For this reason, we have to store the user webDAV password in an encrypted form as a user preference, and he/she has to enter this password manually the first time the webDAV is activated.

For easing this process, there is a « WebDAV Preferences » panel added in the user widget actions (beside « Language », « Logout », etc). In this panel, the user will be able to activate/deactivate webdav for this account, and will be asked to enter his/her password the first time. But this panel is also the place where the definitive URLs the the user will have to use in his webDAV client will be displayed.

The user WebDav Preferences Panel

Known issues, limitations, workarounds

+ fs & ftp drivers : at the moment, only File System (Standard) and FTP Server repositories are accessible via webDAV, as the other have not been toroughly tested, but this should come soon.

+ Authorization mechanism seem to fail in the Apache + PHP as CGI case, and some more lines need to be added to the .htaccess file to ensure correct headers redirection. See the .htaccess file for more info, simply uncomment the lines.

+ Mac OSX Finder is using a specific Transfer-Encoding header for PUT requests (uploading files), which seem to be very poorly supported by servers, thus breaking the files uploads (file appear but is zero-byte sized).

+ There are plenty of documentation about WebDAV, both client and server on the web, one very useful website is the wiki of the SabreDAV project. It’s not the library we use, but it’s another webdav PHP implementation, and problems are very similars. Each clients is carefully documented. See for example http://code.google.com/p/sabredav/wiki/Finder for the previous problem.