
WebDAV & iWorks - REMOTE_USER not given in RewriteRule when writing files

Accessing (read/write) files via WebDAV with iPad/iWorks worked very well in the past. Now, with the newly released iPad/iWorks something has been changed by Apple.


Clients access their files from a WebDAV published location. Therefore, a rewrite rule substitutes the URI request to point to the user's home directory:


To make it more transparent:

If a user browses to <webdav_server>/Test he gets content from /mnt/Test/test_home/$USER


For security reasons the user has to authorize him/herself and the REMOTE_USER variable will be used to point to the correct directory.

Also for security reasons, read and write permissions will be checked by LDAP requests.


This worked till the new iPad/iWorks came out. What has changed in the WebDAV client so it will authorize itself correctly again?


Currently, the clients have read access to the files only. If a file is to be written to the WebDAV location, the clients get a 403 Forbidden.

The variable REMOTE_USER remains empty, so the correct location to write the file cannot be rewritten by the rule any more.


Any hints?


Here is the config from the WebDAV server:


Alias /Test "/mnt/Test/"

<Directory /mnt/Test/>
    DAV on
    Options Indexes
    AllowOverride None
    SSLRequireSSL
</Directory>

DavLockDB /tmp/Dav
RewriteEngine On
RewriteLog "/var/log/apache2/webdav-rewrite.log"
RewriteLogLevel 4
#RewriteCond %{LA-U:REMOTE_USER} !=""
RewriteCond %{REQUEST_URI} ^/Test/test_home
RewriteRule ^/Test/test_home/(.*?)$ /mnt/Test/test_home/%{LA-U:REMOTE_USER}/$1 [L]

<Directory /mnt/Test>
    Options +Indexes
    IndexIgnore ..
    IndexOptions -IconsAreLinks NameWidth=* FancyIndexing SuppressLastModified FoldersFirst
    IndexOrderDefault Ascending Name
    Dav On
    AuthName "AUTH_NAME"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPURL "ldap://<ldap_server>:3268/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "ldap@domain.local"
    AuthLDAPBindPassword "secure_passwd"
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    # Require valid-user
    <LimitExcept OPTIONS HEAD GET PROPFIND>
        # Require group rw
        deny from all
    </LimitExcept>
    <Limit OPTIONS HEAD GET PROPFIND>
        # Require group ro
        allow from all
        Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=ACL_WEBDAV_USER,DC=domain,DC=local
    </Limit>
</Directory>

<Directory /mnt/Test/test_home>
    Options +Indexes
    IndexIgnore ..
    IndexOptions -IconsAreLinks NameWidth=* FancyIndexing SuppressLastModified FoldersFirst
    IndexOrderDefault Ascending Name
    Dav On
    AuthName "AUTH_NAME"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPURL "ldap://<ldap_server>:3268/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "ldap@domain.local"
    AuthLDAPBindPassword "secure_passwd"
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    # Require valid-user
    <LimitExcept OPTIONS HEAD GET PROPFIND>
        # Require group rw
        deny from all
        # Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=ACL_WEBDAV_USER,DC=domain,DC=local
    </LimitExcept>
    <Limit OPTIONS HEAD GET PROPFIND>
        # Require group ro
        Order allow,deny
        allow from all
        Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=ACL_WEBDAV_USER,DC=domain,DC=local
    </Limit>
</Directory>

<Directory /mnt/Test/test_home/*>
    Options +Indexes
    IndexIgnore ..
    IndexOptions -IconsAreLinks NameWidth=* FancyIndexing SuppressLastModified FoldersFirst
    IndexOrderDefault Ascending Name
    Dav On
    AuthName "AUTH_NAME"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPURL "ldap://<ldap_server>:3268/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "ldap@domain.local"
    AuthLDAPBindPassword "secure_passwd"
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    # Require valid-user
    <LimitExcept OPTIONS>
        # Require group rw
        deny from all
        Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=ACL_WEBDAV_USER,DC=domain,DC=local
    </LimitExcept>
    <Limit OPTIONS HEAD GET PROPFIND POST PUT PROPPATCH PATCH MOVE COPY MKCOL LOCK UNLOCK>
        # Require group ro
        # Order deny,allow
        allow from all
        Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=ACL_WEBDAV_USER,DC=domain,DC=local
    </Limit>
    <Files *.*>
        allow from all
        Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=ACL_WEBDAV_USER,DC=domain,DC=local
    </Files>
</Directory>

<Directory /mnt/Test/test_home/*/*>
    Options +Indexes
    IndexIgnore ..
    IndexOptions -IconsAreLinks NameWidth=* FancyIndexing SuppressLastModified FoldersFirst
    IndexOrderDefault Ascending Name
    Dav On
    AuthName "AUTH_NAME"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPURL "ldap://<ldap_server>:3268/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "ldap@domain.local"
    AuthLDAPBindPassword "secure_passwd"
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    # Require valid-user
    <LimitExcept OPTIONS>
        # Require group rw
        deny from all
        Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=ACL_WEBDAV_USER,DC=domain,DC=local
    </LimitExcept>
    <Limit OPTIONS HEAD GET PROPFIND POST PUT PROPPATCH PATCH COPY DELETE MOVE MKCOL LOCK UNLOCK>
        # Require group ro
        # Order deny,allow
        allow from all
        Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=ACL_WEBDAV_USER,DC=domain,DC=local
    </Limit>
</Directory>



Output from /var/log/apache2/error.log:


IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b938e608/initial] (2) init rewrite engine with requested uri /Test/test_home/Präsentation.pdf

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b938e608/initial] (3) applying pattern '^/entry/home/(.*?)$' to uri '/Test/test_home/Präsentation.pdf'

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b938e608/initial] (3) applying pattern '^/Test/test_home/(.*?)$' to uri '/Test/test_home/Präsentation.pdf'

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b938e608/initial] (4) RewriteCond: input='/Test/test_home/Präsentation.pdf' pattern='^/Test/test_home' => matched

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b935f3c0/subreq] (2) init rewrite engine with requested uri /Test/test_home/Präsentation.pdf

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b935f3c0/subreq] (3) applying pattern '^/entry/home/(.*?)$' to uri '/Test/test_home/Präsentation.pdf'

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b935f3c0/subreq] (3) applying pattern '^/Test/test_home/(.*?)$' to uri '/Test/test_home/Präsentation.pdf'

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b935f3c0/subreq] (4) RewriteCond: input='/Test/test_home/Präsentation.pdf' pattern='^/Test/test_home' => matched

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b935f3c0/subreq] (2) rewrite '/Test/test_home/Präsentation.pdf' -> '/mnt/Test/test_home//Präsentation.pdf'

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b935f3c0/subreq] (2) local path result: /mnt/Test/test_home//Präsentation.pdf

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b935f3c0/subreq] (1) go-ahead with /mnt/Test/test_home//Präsentation.pdf [OK]

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b938e608/initial] (2) rewrite '/Test/test_home/Präsentation.pdf' -> '/mnt/Test/test_home//Präsentation.pdf'

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b938e608/initial] (2) local path result: /mnt/Test/test_home//Präsentation.pdf

IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b938e608/initial] (1) go-ahead with /mnt/Test/test_home//Präsentation.pdf [OK]



Output from /var/log/apache2/ssl-access.log:


IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] "PUT /Test/test_home/Pra%CC%88sentation.pdf HTTP/1.1" 403 644 "-" "iWorkHTTPKit (iPad; iPhone OS 7.0.4; de_DE) Keynote/1075"

Posted on Dec 20, 2013 3:43 AM


There are no replies.
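The rewrite log in the post shows the symptom directly: with REMOTE_USER empty, the per-user segment of the rewrite target vanishes and the path collapses to the shared parent (`/mnt/Test/test_home//...`). The following check is an added example, not part of the original post; it scans log text in the format shown above and lists every rewrite whose user segment is empty. The first three sample lines are taken from the post's excerpt, the fourth (user `alice`) is constructed, and the function names are hypothetical.

```python
import re

# Sample input: lines 1-3 copied from the RewriteLog excerpt in the post;
# line 4 (user "alice") is constructed to show a correctly resolved rewrite.
SAMPLE_LOG = """\
IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b935f3c0/subreq] (2) rewrite '/Test/test_home/Präsentation.pdf' -> '/mnt/Test/test_home//Präsentation.pdf'
IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b938e608/initial] (2) rewrite '/Test/test_home/Präsentation.pdf' -> '/mnt/Test/test_home//Präsentation.pdf'
IP_ADDRESS - - [20/Dec/2013:11:28:22 +0100] [WEBDAV_URL/sid#b905d708][rid#b938e608/initial] (1) go-ahead with /mnt/Test/test_home//Präsentation.pdf [OK]
IP_ADDRESS - - [20/Dec/2013:11:29:05 +0100] [WEBDAV_URL/sid#b905d708][rid#b93a1000/initial] (2) rewrite '/Test/test_home/notes.pdf' -> '/mnt/Test/test_home/alice/notes.pdf'
"""

# Target prefix of the posted RewriteRule; the next path segment is the user.
HOME_ROOT = "/mnt/Test/test_home/"

# Matches only the "rewrite 'src' -> 'dst'" entries of the rewrite log.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[[^\]]*\]\[rid#(?P<rid>[0-9a-f]+)/(?P<kind>\w+)\] "
    r"\(\d+\) rewrite '(?P<src>[^']*)' -> '(?P<dst>[^']*)'"
)

def user_segment(dst):
    """Return the segment where %{LA-U:REMOTE_USER} was substituted, or None
    if the target is not under HOME_ROOT."""
    if not dst.startswith(HOME_ROOT):
        return None
    return dst[len(HOME_ROOT):].split("/", 1)[0]

def find_unresolved_user_rewrites(log_text):
    """List rewrites whose per-user segment is empty (REMOTE_USER was unset)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and user_segment(m["dst"]) == "":
            findings.append({"ts": m["ts"], "rid": m["rid"], "kind": m["kind"],
                             "src": m["src"], "dst": m["dst"]})
    return findings

if __name__ == "__main__":
    for f in find_unresolved_user_rewrites(SAMPLE_LOG):
        print(f"{f['ts']} {f['kind']:8} rid#{f['rid']} {f['src']} -> {f['dst']}")
```

Hits on both the `subreq` and the `initial` entry of one request, as in the excerpt, mean the look-ahead subrequest itself returned no authenticated user.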
