Group 2F (storage)

Creation date: 09 02 2005
Last modified: 07 07 2005
Distribution: internet

WebDAV server V3 installation

Introduction

The purpose of this document is to explain how to install the ESUP WebDAV server V3.

Many features have been modified or improved since the previous version. Therefore the WebDAV server V3 is not compatible with previous versions.

You will find a FAQ (under construction) at the end of this document.
Please DO NOT contact the developers directly, either by mail or by phone. Use the injac-users mailing list (injac-users@esup-portail.org) instead.
When you write to the mailing list, please attach the server logs in debug mode AND your build.properties file (remove every critical entry). See the section "Logging the server".
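One way to strip critical entries from build.properties before attaching it to a list message, as an added example that is not part of the ESUP package. The choice of which keys count as critical (the LDAP principal and credential, the trusted password and the portal IP list, all described later in this document) is an assumption, and the sample file is constructed.

```python
import re

# Keys treated as critical; this selection is an assumption of the example.
CRITICAL = ("slide.ldap.Principal", "slide.ldap.Credential",
            "slide.trustedFilter.password",
            "slide.authenticationRouter.allowClientIPTRUSTED")
LINE = re.compile(r"^(\s*([\w.]+)\s*[=:]\s*)(.*)$")

# Constructed sample input, not a real configuration.
SAMPLE = """\
#LDAP properties
slide.ldap.Url = ldap://myWonderfulLDAP.univ.fr
slide.ldap.Principal = cn=reader,dc=univ,dc=fr
slide.ldap.Credential = s3cr3t-bind
#previous value was s3cr3t-bind
slide.trustedFilter.password = Constructed-Example-Pw-42
slide.loggerLevel = 7
"""

def redact(text):
    """Mask the values of CRITICAL keys; return (redacted_text, secrets)."""
    out, secrets = [], []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(2) in CRITICAL and m.group(3).strip():
            secrets.append(m.group(3).strip())
            line = m.group(1) + "<REDACTED>"
        out.append(line)
    return "\n".join(out) + "\n", secrets

def residual_leaks(redacted, secrets):
    """Secrets that still appear elsewhere, e.g. in a comment or another value."""
    return [s for s in secrets if s in redacted]

if __name__ == "__main__":
    redacted, secrets = redact(SAMPLE)
    print(redacted)
    print("still present after redaction:", residual_leaks(redacted, secrets))
```

A non-empty result from `residual_leaks` means a masked value survives somewhere else in the file, here in a leftover comment, and has to be removed by hand before the file is sent.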

Important notes

This new version of the server modifies the way content and metadata are stored, so it MAY NOT be compatible with older versions, depending on your original configuration. This means that you may not be able to retrieve documents stored on an older version of the server if you upgrade it to version 3.1.1. If you need to keep your documents, contact us using the injac-utilisateurs@esup-portail.org mailing list.

Main new features and improvements

Uportal store

In V2 and older versions, groups of the ESUP WebDAV server were created and stored manually on the server; in V3 the ESUP WebDAV server uses the same group manager as the portal it is connected to.

Admin tools

They were modified to simplify their use, and improved.

Packaging

The packaging was optimized to improve the installation, use and upgrade. Only one configuration file gathers all required information to install and run the server and associated tools.

Components

The ESUP WebDAV server V3 is composed of :

Pre-requisite

Installation

If you want to install the ESUP WebDAV server on one of your own Tomcat instances, you have to:

  1. follow the installation procedure below
  2. copy the $deploy.home/webapps/slide directory into the webapps directory of your Tomcat
  3. edit the conf/server.xml file of your Tomcat and add the following to the definition of your non-SSL connector port:

<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector port="????" ...
...

URIEncoding="UTF-8"/>

Getting the package

Download the package esup-serveur-WebDav-3.1-RC-1 from the download page.

Unzip it in a chosen directory.

Configuring the server

Open and edit the file esup-serveur-WebDav-3.1-RC-1/build.properties

IMPORTANT NOTES :

  1. It is STRONGLY recommended to fill in this file meticulously, given that some parameters can NOT be re-configured once the server is deployed and started. These parameters are marked [FINAL]
  2. Each parameter HAS TO BE filled in except those marked [OPTIONAL] - they can be left empty
    You can keep the value of parameters marked [DEFAULT]=defaultValue - the others MUST be modified

---- build.properties file ----

Do not change the two following values

#DO NOT CHANGE THE TWO FOLLOWING VALUES
#app.version : application version - to build a zip file of the project [DEFAULT]
app.version = 3.1-RC-1
#app.name.deploy : application name - to build a zip file of the project [DEFAULT]
app.name.deploy = esup-serveur-WebDav

deploy.home > path where to install the server
java_home > java home location

#deploy.home : deployment directory [FINAL]
deploy.home = C:/esup-serveur-WebDav-3

#java_home : java home
java_home = C:/j2sdk1.4.2_04

The following values configure Tomcat's server.xml parameters

#tomcat.server.port : Tomcat port
#tomcat.application.connector.port : application port
#tomcat.apache.connector.port : Apache connector port
#slide.context : Slide context
tomcat.server.port = 8005
tomcat.application.connector.port = 8080
tomcat.apache.connector.port = 8009
slide.context = /slide

You probably won't have to change the default values of the following parameters, except:
webdavServer.url > URL of the ESUP WebDAV server - note that ${tomcat.application.connector.port} will be automatically replaced by its value defined above.

#webdavServer.url : webdav server URL
#webdavServer.homedirPath : root path to store user homedirs [FINAL]
#webdavServer.homedirHashType : hash type used to build user homedirs - with_hash | with_hash_reverse [DEFAULT]=with_hash [FINAL]
#webdavServer.usersPath : root path to store users [DEFAULT]=users [FINAL]
#webdavServer.rolesPath : root path to store roles [DEFAULT]=roles [FINAL]
#webdavServer.localRolesPath : root path to store local roles [DEFAULT]=roles/local [FINAL]
#webdavServer.uPortalRolesPath : root path to store uPortal roles [DEFAULT]=roles/uPortal [FINAL]
#webdavServer.injacPath : root path to store InJac spaces [DEFAULT]=files/injac [FINAL]
webdavServer.url = http://myWebDAVServer:${tomcat.application.connector.port}/slide
webdavServer.homedirPath = files/homedir
webdavServer.homedirHashType = with_hash
webdavServer.usersPath = users
webdavServer.rolesPath = roles
webdavServer.localRolesPath = roles/local
webdavServer.uPortalRolesPath = roles/uPortal
webdavServer.injacPath = files/injac

You now have to configure the LDAP parameters. The ESUP WebDAV server requires an LDAP directory to work. The LDAP parameters referring to the LDAP filter are explained in more detail in the authentication filters documentation.

About slide.ldap.Filter : this is a standard LDAP filter, but you have to use the HTML name or number for special characters.
ex :
& becomes &amp; or &#38;
| becomes &#124;

About slide.ldap.Principal and slide.ldap.Credential : some LDAP directories could require administrator privileges to bind - if yours does, you can enter the administrator login name (principal) and password (credential) here.

#LDAP properties
#slide.ldap.BaseDn : base DN
#slide.ldap.Rdn : unique attribute representing the user in the LDAP directory
#slide.ldap.Filter : LDAP search filter - special characters have to be replaced by their HTML name or HTML number
#slide.ldap.Scope : LDAP scope = SUBTREE_SCOPE | ONELEVEL_SCOPE | OBJECT_SCOPE
#slide.ldap.Attributes : attributes to retrieve from the LDAP directory
#slide.ldap.Url : LDAP directory URL
#slide.ldap.Port : LDAP directory port
#slide.ldap.Principal : LDAP principal (username) [OPTIONAL] - if needed to bind
#slide.ldap.Authentication : Do not modify this parameter
#slide.ldap.Credential : LDAP credential (password) [OPTIONAL] - if needed to bind
#slide.ldap.MaxResults : LDAP max results - 0 = no limit
slide.ldap.BaseDn = ou=people,dc=univ,dc=fr
slide.ldap.Rdn = uid
slide.ldap.Filter = (&#124;(&amp;(typeentree=staff)(department=007))(uid=bell*))
slide.ldap.Scope = SUBTREE_SCOPE
slide.ldap.Attributes = uid,displayName
slide.ldap.Url = ldap://myWonderfulLDAP.univ.fr
slide.ldap.Port = 389
slide.ldap.Principal =
slide.ldap.Authentication = simple
slide.ldap.Credential =
slide.ldap.MaxResults = 0
# NOTE : The following properties are only used by the LDAP authentication filter
#slide.ldap.AlternateUrl : LDAP directory alternate URL [OPTIONAL]
#slide.ldap.AlternatePort : LDAP directory alternate port [OPTIONAL]
#slide.ldap.BindType : LDAP bind type = FASTBIND | SEARCHBIND
#slide.ldap.BindTypeFastBindPattern : pattern for a fast bind
#slide.ldap.BindTypeSearchBindBaseDn : base DN for a search bind
#slide.ldap.BindTypeSearchBindFilter : filter for a search bind
slide.ldap.AlternateUrl = ldap://myWonderfulAlternateLDAP.univ.fr
slide.ldap.AlternatePort = 389
slide.ldap.BindType = SEARCHBIND
slide.ldap.BindTypeFastBindPattern = uid={0},ou=people,dc=univ,dc=fr
slide.ldap.BindTypeSearchBindBaseDn = ou=people,dc=univ,dc=fr
slide.ldap.BindTypeSearchBindFilter = uid={0}

slide.loggerLevel > from 1 to 7 (7 is the most verbose level)
slide.webdavLogging.enable > enable WebDAV events logging
slide.webdavLogging.file > output file to log WebDAV events
slide.content****Store > path where to store Slide content (homedirs, InJac spaces...)
slide.metadata****Store > path where to store Slide metadata (acl, files information...)
It is strongly recommended to store Slide content and metadata on a fast machine.
slide.useUPortalStore > it is strongly recommended to use the uPortal store for roles to take advantage of the portal group management system especially if you expect to use InJac functionalities

#slide.loggerLevel : Slide logger level from 1 to 7 - 7 shows the most information [DEFAULT]=1
slide.loggerLevel = 1
#slide webdav events logging - path is absolute
slide.webdavLogging.enable = true
slide.webdavLogging.file = c:/slide_log.txt
#slide.content****Store : directory to store Slide content [FINAL]
#slide.metadata****Store : directory to store Slide metadata [FINAL]
# NOTE : THE FOUR DIRECTORIES MUST BE DIFFERENT
slide.contentRootStore = C:/SlideData/content/store
slide.contentWorkStore = C:/SlideData/content/work
slide.metadataRootStore = C:/SlideData/metadata/store
slide.metadataWorkStore = C:/SlideData/metadata/work
#slide.useUPortalStore = true | false [FINAL]
# true : slide groups are the same as the portal groups
# false : slide groups must be defined manually by the administrator - this procedure is not explained in this document
slide.useUPortalStore = true

The following parameters refer to the uPortal Web Service : "PortalGroup"

  1. Note that you MUST have a portal running with its "PortalGroup" Web service deployed
  2. You are advised against disabling the cache, as this could affect both Slide and portal performance

slide.uPStore.WebServiceUrl > URL of your portal Web service
slide.uPStore.DisableCache > disable the cache - NOT RECOMMENDED
slide.uPStore.CleaningThreadSleepingTime > sleeping time (in minutes) of the cache cleaning thread
slide.uPStore.CachedUserInformationTTL > time to live (in minutes) of the cached user information
slide.uPStore.CachedObjectNodeTTL > time to live (in minutes) of the cached uPortal store objects

You can find further details about the cache management in the documentation available here (TO DO)

#slide.uPStore.WebServiceUrl : uPortal Web service url [FINAL]
#slide.uPStore.DisableCache : disable the cache [DEFAULT]= false [FINAL]
#slide.uPStore.CleaningThreadSleepingTime : cleaning thread sleeping time (in minutes) : min value = 1 [DEFAULT]=1440 [FINAL]
#slide.uPStore.CachedUserInformationTTL : cached user information Time To Live (in minutes) : min value = 1 [DEFAULT]=1440 [FINAL]
#slide.uPStore.CachedObjectNodeTTL : cached object node Time To Live (in minutes) : min value = 1 [DEFAULT]=1440 [FINAL]
slide.uPStore.WebServiceUrl = http://portal.univ.fr:8080/uPortal/services/PortalGroups
slide.uPStore.DisableCache = false
slide.uPStore.CleaningThreadSleepingTime = 1440
slide.uPStore.CachedUserInformationTTL = 1440
slide.uPStore.CachedObjectNodeTTL = 1440

slide.rootUser > Slide's administrator uid (must be registered in the LDAP)

#slide.rootUser : Slide administrator
slide.rootUser = tbellemb

You do not have to configure the authentication router, except for entering your portal IP addresses.

In this version, the ESUP WebDAV server is configured to be accessed only through the ESUP storage channel using the TRUSTED mode. You can change the authentication method (refer to the authentication filters documentation), but this is not recommended for the current packaging because we cannot guarantee the security of the WebDAV server if it is accessed using another DAV client. This feature will be described in future documentation.

The security of the ESUP WebDAV server is ensured by both an IP address check and a password check. The authentication layer ensures that the client trying to connect to the server has one of the IP addresses of the portal and that the password contained in the request is "trusted".

#Authentication router properties
...
#Enter here your portal IP addresses
slide.authenticationRouter.allowClientIPTRUSTED = portalIP1 portalIP2 ...
slide.authenticationRouter.useSecureRequestTRUSTED =
slide.authenticationRouter.agentTRUSTED =
slide.authenticationRouter.httpRequestParameterTRUSTED =
slide.authenticationRouter.destinationHostTRUSTED =

slide.trustedFilter.password > enter here your trusted password - this password is used by the storage channel to access the ESUP WebDAV server. It must be complex enough.

#TRUSTED filter properties
slide.trustedFilter.password = trusted
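A pre-deployment check of build.properties for the settings described above, as an added example that is not part of the ESUP package. It assumes the IP list holds space-separated literal addresses and uses an assumed rule for "complex enough" (at least 16 characters from three character classes); the sample values are constructed.

```python
import ipaddress
import re

# Constructed sample: a duplicated store path, a leftover placeholder, the packaged password.
SAMPLE = """\
slide.contentRootStore = C:/SlideData/content/store
slide.contentWorkStore = C:/SlideData/content/work
slide.metadataRootStore = C:/SlideData/metadata/store
slide.metadataWorkStore = C:/SlideData/content/work
slide.authenticationRouter.allowClientIPTRUSTED = 192.0.2.10 portalIP2
slide.trustedFilter.password = trusted
"""

STORE_KEYS = ("slide.contentRootStore", "slide.contentWorkStore",
              "slide.metadataRootStore", "slide.metadataWorkStore")

def load_properties(text):
    """Minimal key = value reader: skips blank lines and # / ! comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # The four store directories must be different (compared as Windows paths).
    stores = [props.get(k, "").rstrip("/").lower() for k in STORE_KEYS]
    if "" in stores or len(set(stores)) != len(stores):
        findings.append("store directories are missing or not all different")
    # Each allow-list entry must be a literal IP; an empty list counts as one empty entry.
    entries = props.get("slide.authenticationRouter.allowClientIPTRUSTED", "").split()
    for entry in entries or [""]:
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            findings.append("allowClientIPTRUSTED entry is not an IP: %r" % entry)
    # Assumed policy for "complex enough": >= 16 chars and >= 3 character classes.
    pw = props.get("slide.trustedFilter.password", "")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if pw == "trusted" or len(pw) < 16 or classes < 3:
        findings.append("trustedFilter.password is the packaged default or too weak")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(load_properties(SAMPLE))))
```

Run it against the edited file before launching the deploy target, since the store directories are [FINAL] and cannot be corrected afterwards.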

CAS authentication can be used but its configuration is not explained here (refer to the authentication filters documentation)

#CAS filter properties
...

Configuring the tools

This section briefly explains how to configure the tools provided with the package. For full documentation, follow this link. TODO

The tools are also configured using the file esup-serveur-WebDav-3.1-RC-1/build.properties

The tools will create WebDAV resources in the paths specified by the parameters webdavServer.injacPath and webdavServer.homedirPath at the beginning of the build.properties file. But the tools DO NOT automatically create those paths, so you have to create them manually (with a DAV client). You will find a free DAV client here : http://jakarta.apache.org/site/downloads

ex : if you keep the default injacPath and homedirPath parameters you have to create two directories "homedir" and "injac" in the directory "files" on the server.

homeDirCreation

Build users homedirs.

There are two ways to configure this tool :

  1. homedirCreation.creationType = -user
    homedirCreation.creationFilter = userName
    ->Create userName's homedir
  2. homedirCreation.creationType = -all
    homedirCreation.creationFilter = (ldapFilter)
    ->Create a homedir for every user matching the LDAP filter
    ldapFilter example : (&#124;(&amp;(typeentree=staff)(department=007))(uid=bell*))

#homedirCreation.creationType = -all | -user
# -all : create homedirs for each Slide user specified in the filter homedirCreation.creationFilter
# -user: create homedir for one user
#homedirCreation.creationFilter =
# if used with parameter -all > an LDAP filter
# if used with parameter -user > a user LDAP uid
homedirCreation.creationType = -user
homedirCreation.creationFilter = toto

injacV2SpacesCreation

Build the InJac Root

#injacV2SpacesCreation.spaceName : InJac root name
#injacV2SpacesCreation.admin : InJac root administrator (not necessarily Slide's administrator)
#injacV2SpacesCreation.wdChannelUser : userName used by the storage channel to access and browse the InJac root
injacV2SpacesCreation.spaceName = injacRoot
injacV2SpacesCreation.admin = tbellemb
injacV2SpacesCreation.wdChannelUser = bourges

Personalizing the installation

You can personalize your installation thanks to the perso directory of the package ("ESUP-like" installation). You should NOT add files in this directory.
You can configure logging. Note that the "#slide webdav events logging" section of the build.properties file configures only WebDAV events logging (WebDAV requests coming to the server). You can configure logging for the admin tools, the authentication filters and the uPortal store with the log4j.xml files contained in the perso directory. By default the admin tools log at the INFO level to the console. Filters and store log at the FATAL level to the console.

Deploying the server

Launch the ANT target deploy

Running the server

Launch the ANT target server.start

Running the tools

Launch the ANT targets create-homedirs and create-injacRoot

Re-configuring the server - running the tools again

Note that some parameters can NOT be re-configured once the server is deployed and started

Modify the file esup-serveur-WebDav-3.1-RC-1/build.properties and launch the ANT target init. Restart the server (server.stop - server.start) - not necessary if you have only modified the tools parameters.

Logging the server

DO NOT forget to execute the "init" target after changing the logging configuration.

WebDAV events

You can configure WebDAV events logging using the build.properties file :

slide.loggerLevel = 7
slide.webdavLogging.enable = true
slide.webdavLogging.file = c:/slide_log.txt

Enter a correct path for the slide.webdavLogging.file property.

Authentication layer - uPortal store - admin tools

Logging for these components is configured through the log4j.xml files in the perso directory of the package.

Please refer to the log4j documentation for further details.

FAQ (Frequently asked questions)

Problem : I have the following error using the homedir creation tool :

[java] ERROR    (org.esupportail.portal.utils.injac.homeDirCreation.HomedirCreation:394) 
   - HomedirCreation::main()::WrongPathException handled 
    [java] >Class HomedirCreation 
    [java] >Method createHomedir 
    [java] >Path /slide/files/homedir wrong ! 

Solution : The "homedir" directory does not exist. You have to create it with a DAV client before running the tool.