WebDAV
Zimbra Collaboration & WebDAV
WebDAV
Web-based Distributed Authoring and Versioning is an extension to HTTP allowing users to remotely manage and edit files on WWW servers. These files could be shared by these users and/or they can work upon them collaboratively.
The main feature is that you can create, change and move documents on a remote server which is generally a web server or a so called "web share". You can mainly use it for authoring (as the name suggests) the documents on the web share but also for sharing large files that can be accessed from anywhere making it an online storage unit so to speak.
Features
Other features of WebDAV protocol are:
- locking (overwrite prevention),
- properties (creation, removal, and querying of information about author, modified date, etc.),
- name space management (ability to copy and move Web pages within a server's namespace) and
- collections (creation, removal, and listing of resources).
WebDAV is supported built-in by major Operating systems.
RFC standard number is 2518: http://www.ietf.org/rfc/rfc2518.txt
Mounting/Opening a remote folder on a local machine
You can mount a remote share on the local machine and work on it as if it is a local folder.
For example, this is how it looks the Briefcase in Internet Explorer, you can preview for example the images on it:
Microsoft Windows
This is dependent on what update level you are on windows. Please refer to the following article for more information:
- http://support.microsoft.com/kb/892211
- http://www.microsoft.com/downloads/details.aspx?FamilyId=17C36612-632E-4C04-9382-987622ED1D64&displaylang=en
Windows 10, 8.1, 8 and 7
Windows 10, 8.1 and 8 use the WebClient Services to connect to a WebDAV Servers, by default the WebClient service is disabled, so we need to enable it, and also change the service to start automatically when Microsoft Windows starts:
Then Start it and change the startup type to Automatically:
Using the CMD
Check if the WebClient Service is running and set to "Start Automatically". From a command prompt you can start WebClient Services by typing
net start webclient
You need to run cmd.exe with elevated privileges if you have UAC enabled. BasicAuthLevel
If you are not using a Commercial SSL Certificate
Use a valid Commercial SSL certificate is the recommended state for all Zimbra Collaboration environments, in case you don't have one, you will need to change some values in your Microsoft Windows to connect to your Zimbra server, and add the Zimbra CA into your SSL Certificate Trusted Store.
- Set the Windows registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\BasicAuthLevel
from 1 (default) to 2 unless you're using commercial Certificates and mixed mode enabled to access the ZWC via https://
- Now is turn to export and import the Zimbra CA for the Self-Signed SSL Certificate. You can obtain the Zimbra Ca under the directory /opt/zimbra/ssl/zimbra/ca/ca.pem
- Copy the ca.pem to any folder in Windows and change the extension from ca.pem to ca.cer for example.
- You will need Administrator rights to run the next commands, double-click in the ca.cer and click on Install Certificate.
- Select the Local Machine Store location and press Next.
- You will receive a warning question, click Yes.
- Select the second option, Place all certificates in the following store, and select the Trusted Root Certification Authorities:
- You can receive a warning, click Yes again and click finish in the next step, then you will have the SSL Certificate installed. Open your Internet Explorer and type your HTTPS://FQDN, you need to see that is a "valid" SSL certificate.
URL Schema
Now that we have enabled the WebClient service, we can connect to our Zimbra Server, in the Microsoft Windows Explorer, go to Computer > Map Network Drive
Then you need to use the next URL to connect to your server:
For non-SSL environments
Use the next URL:
\\zimbra.example.com@80\DavWWWRoot\dav\user.name<without-domain-name>\Briefcase
For SSL environments
Use the next URL:
\\zimbra.example.com@SSL\DavWWWRoot\dav\user.name<without-domain-name>\Briefcase
Example with SSL, Self-Signed or Commercial one
This is an example using a SSL certificate, Self-signed or Commercial one, are the same steps:
The wizard will ask for the Zimbra credentials:
Once the credentials are the valid ones, then you will see under your Computer a new Network Drive:
And if you open the Network Share, you will find all the content that you have in your Zimbra Briefcase, you can edit the files, open them, add new files, etc.
Error connecting to the WebDAV - Mutual Authentication failed
In the case you are not using a valid Commercial Certificate, or import the Self-Signed CA in case you want to use a Self-Signed SSL certificate, after introduce the credentials you will see the next error.
Mutual Authentication failed. The server's password is out of date at the domain controller.
Please refer to the previous section about Self-Signed SSL Certificate.
Slow Connection / IE8 Installed
- Close IE8 - Uncheck "Automatically Detect Settings" in IE8 Connection Preferences
Map using CMD
If you are unable to connect in Win7 using the Explorer 'Add Network Location' wizard, it may be possible to use the command prompt and try the following (noted in the Vista section):
net use * http://full.domain.name/dav/username/
[the asterisk automatically picks a drive letter not in use]
WinVista Notes
Only the WebDAV redirector is present in Windows Vista. The original "Web folders" client has been removed. The "Web folders" client is only present if the Microsoft Update for Web Folders is installed. http://www.microsoft.com/downloads/details.aspx?FamilyId=17C36612-632E-4C04-9382-987622ED1D64&displaylang=en
Please note that during testing this did not work on all our test systems, the reason for that is how webDAV is implemented on your site. (There are currently additional bugs for working around Windows Vista SP1 & Windows Server 2008 RC1 differences.)
Win2K, WinXP, Win2K3 Notes
For implementation of WebDAV on Windows XP and later , MSFT made it's own interpretation of the standard to work best with the Windows IIS servers. The problem due to this is three fold:
- Windows XP authenticates users using the format "domain\username" by the mechanism of "Microsoft-WebDAV-MiniRedir/5.1.2600". Whereas Windows 98SE/2000 authenticates users as "username" using the mechanism of "Microsoft Data Access Internet Publishing Provider DAV 1.1".
- The problem lies with the implementation of "Microsoft-WebDAV-MiniRedir/5.1.2600". If authentication is sent as "domain\username" then it would be received as "usernamedomain" or "usernamehostname" by the Web server and not as "username".
- Also as per "Microsoft Knowledge Base, Article ID: 841215" Windows XP disables "Basic Auth" in its "Microsoft-WebDAV-MiniRedir/5.1.2600" mechanism by default for security reasons. But WebDAV expects "Basic Auth".
The standard way to connect to a WebDAV folder looks something like "http(s)://<servername>/dav/<username>". However, a due to a bug in Win XP, this would be interpreted as a M$ network drive/SMB server.
So the solution is to trick Windows XP:
- Force Windows XP to use the stable "Microsoft Data Access Internet Publishing Provider DAV 1.1" mechanism instead of "Microsoft-WebDAV-MiniRedir/5.1.2600".
- Make Windows XP internally only send username and password and not the domain. [This can be done using the old Windows 2000 WebDAV driver that is present in all Windows XP machines.]
- Force Windows XP to authenticate using "Basic Auth".
- Prevent XP to interpret "http(s)://<servername>/dav/<username>" as a M$ network drive/SMB server.
Procedure for XP
1. Find the file called "webfldrs.msi", normally under "\WINDOWS\SYSTEM32\". Incase Windows XP Service Packs are installed then the same can be found under "\WINDOWS\ServicePackFiles\i386\". 1a. Run "webfldrs.msi". 1b. Click on "Select reinstall mode". 1c. Uncheck "Repair all detected reinstall problems". 1d. Check "Force all files to be reinstalled, regardless of checksum or version". 1e. Check "Verify that required user registry entries are present". 1f. Check "Verify that required machine registry entries are present". 1g. Check "Validate shortcuts". 1h. Press OK and REINSTALL
2. Modify the Windows registry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters" and add a new value "UseBasicAuth". 2a. Choose "Run" in the start menu and type: "regedit" 2b. In the registry-editor go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters" 2c. Right click into the right field and choose "New" from the context-menu. Choose "DWord-Value". 2d. Name the new value "UseBasicAuth". 2e. Right click on "UseBasicAuth" and choose "Modify". 2f. Change the value "0" (disabled) to "1" (enabled) and click "OK"
Then open in IE or mount it as a network location as discussed in the basic directions above.
If the above doesn't work, I have tried several 3rd party client that helps you to connect to webdav service under windows. And non of them comes close to "netdrive", a freeware from Novell. Once netdrive is connected to your zimbra, you can map it to a local drive letter just like the native windows webdav driver but better. Here is a link: [1]
Basic Directions
IE supports this feature since Win98. Go to File menu -> click on Open -> check the box "Open as Web Folder" and provide the URL. E.g. (for Zimbra Briefcase) http://<servername>/dav/<username(without domain)>/Briefcase
If the above doesn't work there is a workaround for it in which case you have use the following link:
http://user@domain.com:80/dav/<username(without domain)>/Briefcase
Another way to implement this is to "Map it as a network Drive/Location" aka Windows Explorer mount:
- Goto the "Add Network Location Wizard" from the control panel (there are multiple ways of accessing this and also varies based on version of MS windows).
- Select "Choose a custom network location" and then press Next.
- Enter the URL: http://<servername>/dav/<username(without domain)>/Briefcase and then click Next.
- You will be prompted for a username/password. Enter your credentials.
- Then type in a Name for the Network location and you are done. You can access the Briefcase from this location.
--- It might be possible to use the command prompt and try the following:
net use * http://full.domain.name/dav/username/
[the asterisk automatically picks a drive letter not in use] ---
Linux
Nautilus This is the easiest way of opening up a WebDAV folder in an Explorer/MAC kind of a view. All you have to do is goto and then provide the below link and press enter.
http://<servername>/dav/<username(no need for specifying domain>/Briefcase
The Briefcase will open up in a new window.
If you encounter I/O Errors while trying to write files to the share, edit your /etc/davfs2/davfs2.conf and add
use_locks 0
and eventually adjust the dav_group option to be davfs2.
Cadaver
Another great utility is Cadaver, its a simple CLI based tool (that works similar to ftp) for WebDAV. You need install the cadaver package or RPM for this. Then goto the command line and type this:
- cadaver http://<servername>/dav/<username(no need for specifying domain>/Briefcase
- It will prompt you for username and password and after successful login it will then give you the dav prompt
- help command will give you all the commands available at your disposal.
Mount as local folder
This could be one of the most popular way of using WebDAV wherein you can mount the remote folder on a local folder just like any other NFS share. This involves installing a few of the following rpms that provide the functionality for supporting "davfs2" filesystem type. Once these are installed and all dependencies resolved, you can use the following command to mount your briefcase and work as if it is a local folder:
mount -t davfs http://<servername>/dav/<username(no need for specifying domain)>/Briefcase /<path to mount>
RPMS to install (kindly ensure the RPM architectures - whether its 32bit or 64bit for your system:
davfs2-1.2.2-4.el5.rf.i386.rpm lwp-1.11-1.i386.rpm lwp-devel-1.11-1.i386.rpm rvm-1.9-1.i386.rpm rvm-devel-1.9-1.i386.rpm rvm-tools-1.9-1.i386.rpm ncurses-5.5-24.20060715.i386.rpm ncurses-devel-5.5-24.20060715.i386.rpm rpc2-1.21-1.i386.rpm rpc2-devel-1.21-1.i386.rpm neon-0.25.5-5.1.i386.rpm neon-devel-0.25.5-5.1.i386.rpm
Then "fuse" or "coda" kernel modules or both, you can obtain the latest packages from sourceforge. I have tested this on the following:
fuse-2.7.3.tgz coda-server-6.0.5-1.i386.rpm coda-client-6.0.5-1.i386.rpm coda-backup-6.0.5-1.i386.rpm
This didn't work on a few of the test systems running RHEL4 U4 & U5 and RHEL5. I am getting down to the cause for this and will update this page as soon as I have any updates.
Ubuntu
To be able to use this on Ubuntu, you have to install the package davfs2. This can easily been done with the command:
apt-get install davfs2
However, you are now able to mount it, but you will not be able to write to the Briefcase. See this guide for now on how to solve this.
Mac
Mount in Finder
Open your Finder using COMMAND+K or the next flow Finder > Go > Connect to Server
Put the address of your server, following with your email address changing the @ for the %40, is the encoded form of the @ sign.
https://SERVER/dav/USER%40DOMAIN
Note: If you want to connect only to the Briefcase instead all the Mailbox, please use the next URL:
https://SERVER/dav/USER%40DOMAIN/Briefcase
If you are using a Self-signed Certificate you need to accept the next Warning:
You will need to write your Email address and your password to authenticate in the Zimbra Collaboration server:
If you are using Self-Signed Certificate, you will need to accept the next warning one more time:
And you will connect now to your Zimbra Collaboration Mailbox:
If you navigate into the Briefcase you will see the files that you have there:
Mac OS X 10.4: How to prevent .DS_Store file creation over network connections