WebDAV

Zimbra Collaboration & WebDAV

   KB 2420        Last updated on 2015-07-30  




0.00
(0 votes)


WebDAV

Web-based Distributed Authoring and Versioning is an extension to HTTP allowing users to remotely manage and edit files on WWW servers. These files could be shared by these users and/or they can work upon them collaboratively.

The main feature is that you can create, change and move documents on a remote server which is generally a web server or a so called "web share". You can mainly use it for authoring (as the name suggests) the documents on the web share but also for sharing large files that can be accessed from anywhere making it an online storage unit so to speak.

Features

Other features of WebDAV protocol are:

  1. locking (overwrite prevention),
  2. properties (creation, removal, and querying of information about author, modified date, etc.),
  3. name space management (ability to copy and move Web pages within a server's namespace) and
  4. collections (creation, removal, and listing of resources).

WebDAV is supported built-in by major Operating systems.

RFC standard number is 2518: http://www.ietf.org/rfc/rfc2518.txt

Mounting/Opening a remote folder on a local machine

You can mount a remote share on the local machine and work on it as if it is a local folder.

For example, this is how it looks the Briefcase in Internet Explorer, you can preview for example the images on it:

Zimbra-webdav-win10-001.png

Microsoft Windows

This is dependent on what update level you are on windows. Please refer to the following article for more information:

Windows 10, 8.1, 8 and 7

Windows 10, 8.1 and 8 use the WebClient Services to connect to a WebDAV Servers, by default the WebClient service is disabled, so we need to enable it, and also change the service to start automatically when Microsoft Windows starts:

Zimbra-webdav-win-002.png

Then Start it and change the startup type to Automatically:

Zimbra-webdav-win-003.png

Using the CMD

Check if the WebClient Service is running and set to "Start Automatically". From a command prompt you can start WebClient Services by typing

net start webclient

You need to run cmd.exe with elevated privileges if you have UAC enabled. BasicAuthLevel

If you are not using a Commercial SSL Certificate

Use a valid Commercial SSL certificate is the recommended state for all Zimbra Collaboration environments, in case you don't have one, you will need to change some values in your Microsoft Windows to connect to your Zimbra server, and add the Zimbra CA into your SSL Certificate Trusted Store.

  • Set the Windows registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\BasicAuthLevel

from 1 (default) to 2 unless you're using commercial Certificates and mixed mode enabled to access the ZWC via https://

  • Now is turn to export and import the Zimbra CA for the Self-Signed SSL Certificate. You can obtain the Zimbra Ca under the directory /opt/zimbra/ssl/zimbra/ca/ca.pem
    • Copy the ca.pem to any folder in Windows and change the extension from ca.pem to ca.cer for example.
    • You will need Administrator rights to run the next commands, double-click in the ca.cer and click on Install Certificate.
Zimbra-webdav-win10-008.png

    • Select the Local Machine Store location and press Next.
Zimbra-webdav-win10-009.png

    • You will receive a warning question, click Yes.
Zimbra-webdav-win10-010.png

    • Select the second option, Place all certificates in the following store, and select the Trusted Root Certification Authorities:
Zimbra-webdav-win10-011.png

    • You can receive a warning, click Yes again and click finish in the next step, then you will have the SSL Certificate installed. Open your Internet Explorer and type your HTTPS://FQDN, you need to see that is a "valid" SSL certificate.
Zimbra-webdav-win10-012.png

URL Schema

Now that we have enabled the WebClient service, we can connect to our Zimbra Server, in the Microsoft Windows Explorer, go to Computer > Map Network Drive

Zimbra-webdav-win10-002.png

Then you need to use the next URL to connect to your server:

For non-SSL environments

Use the next URL:

\\zimbra.example.com@80\DavWWWRoot\dav\user.name<without-domain-name>\Briefcase
For SSL environments

Use the next URL:

\\zimbra.example.com@SSL\DavWWWRoot\dav\user.name<without-domain-name>\Briefcase

Example with SSL, Self-Signed or Commercial one

This is an example using a SSL certificate, Self-signed or Commercial one, are the same steps:

Zimbra-webdav-win10-003.png

The wizard will ask for the Zimbra credentials:

Zimbra-webdav-win10-004.png

Once the credentials are the valid ones, then you will see under your Computer a new Network Drive:

Zimbra-webdav-win10-005.png

And if you open the Network Share, you will find all the content that you have in your Zimbra Briefcase, you can edit the files, open them, add new files, etc.

Zimbra-webdav-win10-006.png

Error connecting to the WebDAV - Mutual Authentication failed

In the case you are not using a valid Commercial Certificate, or import the Self-Signed CA in case you want to use a Self-Signed SSL certificate, after introduce the credentials you will see the next error.

Mutual Authentication failed. The server's password is out of date at the domain controller.
Zimbra-webdav-win10-007.png

Please refer to the previous section about Self-Signed SSL Certificate.

Slow Connection / IE8 Installed

- Close IE8
- Uncheck "Automatically Detect Settings" in IE8 Connection Preferences

Map using CMD

If you are unable to connect in Win7 using the Explorer 'Add Network Location' wizard, it may be possible to use the command prompt and try the following (noted in the Vista section):

net use * http://full.domain.name/dav/username/

[the asterisk automatically picks a drive letter not in use]

WinVista Notes

Only the WebDAV redirector is present in Windows Vista. The original "Web folders" client has been removed. The "Web folders" client is only present if the Microsoft Update for Web Folders is installed. http://www.microsoft.com/downloads/details.aspx?FamilyId=17C36612-632E-4C04-9382-987622ED1D64&displaylang=en

Please note that during testing this did not work on all our test systems, the reason for that is how webDAV is implemented on your site. (There are currently additional bugs for working around Windows Vista SP1 & Windows Server 2008 RC1 differences.)

Win2K, WinXP, Win2K3 Notes

For implementation of WebDAV on Windows XP and later , MSFT made it's own interpretation of the standard to work best with the Windows IIS servers. The problem due to this is three fold:

  1. Windows XP authenticates users using the format "domain\username" by the mechanism of "Microsoft-WebDAV-MiniRedir/5.1.2600". Whereas Windows 98SE/2000 authenticates users as "username" using the mechanism of "Microsoft Data Access Internet Publishing Provider DAV 1.1".
  2. The problem lies with the implementation of "Microsoft-WebDAV-MiniRedir/5.1.2600". If authentication is sent as "domain\username" then it would be received as "usernamedomain" or "usernamehostname" by the Web server and not as "username".
  3. Also as per "Microsoft Knowledge Base, Article ID: 841215" Windows XP disables "Basic Auth" in its "Microsoft-WebDAV-MiniRedir/5.1.2600" mechanism by default for security reasons. But WebDAV expects "Basic Auth".

The standard way to connect to a WebDAV folder looks something like "http(s)://<servername>/dav/<username>". However, a due to a bug in Win XP, this would be interpreted as a M$ network drive/SMB server.

So the solution is to trick Windows XP:

  1. Force Windows XP to use the stable "Microsoft Data Access Internet Publishing Provider DAV 1.1" mechanism instead of "Microsoft-WebDAV-MiniRedir/5.1.2600".
  2. Make Windows XP internally only send username and password and not the domain. [This can be done using the old Windows 2000 WebDAV driver that is present in all Windows XP machines.]
  3. Force Windows XP to authenticate using "Basic Auth".
  4. Prevent XP to interpret "http(s)://<servername>/dav/<username>" as a M$ network drive/SMB server.

Procedure for XP

1. Find the file called "webfldrs.msi", normally under "\WINDOWS\SYSTEM32\". Incase Windows XP Service Packs are installed then the same can be found under "\WINDOWS\ServicePackFiles\i386\".
1a. Run "webfldrs.msi". 
1b. Click on "Select reinstall mode".
1c. Uncheck "Repair all detected reinstall problems". 
1d. Check "Force all files to be reinstalled, regardless of checksum or version".
1e. Check "Verify that required user registry entries are present".
1f. Check "Verify that required machine registry entries are present".
1g. Check "Validate shortcuts".
1h. Press OK and REINSTALL 
2. Modify the Windows registry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters" and add a new value "UseBasicAuth". 
2a. Choose "Run" in the start menu and type: "regedit" 
2b. In the registry-editor go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters"
2c. Right click into the right field and choose "New" from the context-menu. Choose "DWord-Value".
2d. Name the new value "UseBasicAuth".
2e. Right click on "UseBasicAuth" and choose "Modify".
2f. Change the value "0" (disabled) to "1" (enabled) and click "OK"

Then open in IE or mount it as a network location as discussed in the basic directions above.

If the above doesn't work, I have tried several 3rd party client that helps you to connect to webdav service under windows. And non of them comes close to "netdrive", a freeware from Novell. Once netdrive is connected to your zimbra, you can map it to a local drive letter just like the native windows webdav driver but better. Here is a link: [1]

Basic Directions

IE supports this feature since Win98. Go to File menu -> click on Open -> check the box "Open as Web Folder" and provide the URL. E.g. (for Zimbra Briefcase) http://<servername>/dav/<username(without domain)>/Briefcase

If the above doesn't work there is a workaround for it in which case you have use the following link:

http://user@domain.com:80/dav/<username(without domain)>/Briefcase

Another way to implement this is to "Map it as a network Drive/Location" aka Windows Explorer mount:

  1. Goto the "Add Network Location Wizard" from the control panel (there are multiple ways of accessing this and also varies based on version of MS windows).
  2. Select "Choose a custom network location" and then press Next.
  3. Enter the URL: http://<servername>/dav/<username(without domain)>/Briefcase and then click Next.
  4. You will be prompted for a username/password. Enter your credentials.
  5. Then type in a Name for the Network location and you are done. You can access the Briefcase from this location.

--- It might be possible to use the command prompt and try the following:

net use * http://full.domain.name/dav/username/

[the asterisk automatically picks a drive letter not in use] ---

Linux

Nautilus This is the easiest way of opening up a WebDAV folder in an Explorer/MAC kind of a view. All you have to do is goto and then provide the below link and press enter.

http://<servername>/dav/<username(no need for specifying domain>/Briefcase

The Briefcase will open up in a new window.

If you encounter I/O Errors while trying to write files to the share, edit your /etc/davfs2/davfs2.conf and add

use_locks       0

and eventually adjust the dav_group option to be davfs2.

Cadaver

Another great utility is Cadaver, its a simple CLI based tool (that works similar to ftp) for WebDAV. You need install the cadaver package or RPM for this. Then goto the command line and type this:

  1. cadaver http://<servername>/dav/<username(no need for specifying domain>/Briefcase
  2. It will prompt you for username and password and after successful login it will then give you the dav prompt
  3. help command will give you all the commands available at your disposal.

Mount as local folder

This could be one of the most popular way of using WebDAV wherein you can mount the remote folder on a local folder just like any other NFS share. This involves installing a few of the following rpms that provide the functionality for supporting "davfs2" filesystem type. Once these are installed and all dependencies resolved, you can use the following command to mount your briefcase and work as if it is a local folder:

mount -t davfs http://<servername>/dav/<username(no need for specifying domain)>/Briefcase /<path to mount>

RPMS to install (kindly ensure the RPM architectures - whether its 32bit or 64bit for your system:

davfs2-1.2.2-4.el5.rf.i386.rpm
lwp-1.11-1.i386.rpm
lwp-devel-1.11-1.i386.rpm
rvm-1.9-1.i386.rpm
rvm-devel-1.9-1.i386.rpm
rvm-tools-1.9-1.i386.rpm
ncurses-5.5-24.20060715.i386.rpm
ncurses-devel-5.5-24.20060715.i386.rpm
rpc2-1.21-1.i386.rpm
rpc2-devel-1.21-1.i386.rpm
neon-0.25.5-5.1.i386.rpm
neon-devel-0.25.5-5.1.i386.rpm

Then "fuse" or "coda" kernel modules or both, you can obtain the latest packages from sourceforge. I have tested this on the following:

fuse-2.7.3.tgz
coda-server-6.0.5-1.i386.rpm
coda-client-6.0.5-1.i386.rpm
coda-backup-6.0.5-1.i386.rpm

This didn't work on a few of the test systems running RHEL4 U4 & U5 and RHEL5. I am getting down to the cause for this and will update this page as soon as I have any updates.

Ubuntu

To be able to use this on Ubuntu, you have to install the package davfs2. This can easily been done with the command:

apt-get install davfs2

However, you are now able to mount it, but you will not be able to write to the Briefcase. See this guide for now on how to solve this.

Mac

Mount in Finder

Open your Finder using COMMAND+K or the next flow Finder > Go > Connect to Server

Webdav-mac-001.png

Put the address of your server, following with your email address changing the @ for the %40, is the encoded form of the @ sign.

https://SERVER/dav/USER%40DOMAIN

Note: If you want to connect only to the Briefcase instead all the Mailbox, please use the next URL:

 https://SERVER/dav/USER%40DOMAIN/Briefcase

If you are using a Self-signed Certificate you need to accept the next Warning:

Webdav-mac-002.png

You will need to write your Email address and your password to authenticate in the Zimbra Collaboration server:

Webdav-mac-003.png

If you are using Self-Signed Certificate, you will need to accept the next warning one more time:

Webdav-mac-002.png

And you will connect now to your Zimbra Collaboration Mailbox:

Webdav-mac-005.png

If you navigate into the Briefcase you will see the files that you have there:

Webdav-mac-006.png

Mac OS X 10.4: How to prevent .DS_Store file creation over network connections


Verified Against: Zimbra Collaboration 8.6, 8.5, 8.0 Date Created: 4/14/2008
Article ID: https://wiki.zimbra.com/index.php?title=WebDAV Date Modified: 2015-07-30



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search