Lion Server: Configuring WebDAV sharing for Active Directory accounts

Summary

Lion Server's WebDAV Sharing feature uses HTTP Digest authentication by default to secure access to share points and home directories from iWork apps on iOS device; however, this authentication method does not support user accounts defined in Active Directory. This article describes how to enable Basic authentication over SSL to support these users.

Products Affected

Lion Server

To configure WebDAV Sharing for such users, follow these instructions before enabling any WebDAV share points.

Note: The instructions in this article include editing configuration files. Follow the guidelines in this article. You must have root access to edit these files. You should make a backup copy of each file prior to editing it.

  1. Stop the File Sharing and Web services in Server app.

  2. This step is optional but highly recommended: Acquire and install a trusted SSL certificate, and use Server App to configure Web Service to use the certificate. You can use the server's default, self-signed certificate for WebDAV Sharing, but iWork apps in iOS may warn that the certificate is "invalid".

  3. Edit /etc/apache2/httpd_webdavsharing.conf.

        Find this line:
                AuthType Digest

        Change Digest to Basic. This makes WebDAV Sharing use Basic authentication, which is required for Active Directory users.

  4. Edit /etc/apache2/webapps/com.apple.webapp.webdavsharing.plist.

        Find these lines:
            <key>sslPolicy</key>
            <integer>0</integer>

        Change the 0 to 1. This makes WebDAV Sharing require SSL, which is the only secure way to use Basic authentication.

  5. Advise users to configure the iWork clients on their iOS devices with an "https" WebDAV URL, like:

        https://example.com/webdav

  6. Start the File Sharing and Web services in Server app.
Not helpful Somewhat helpful Helpful Very helpful Solved my problem