<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/10/2014 12:14 AM, Thomas Lau
wrote:<br>
</div>
<blockquote
cite="mid:CAEZt6eBAijsswNgb1zb4pRKwxCK2f9NwULyyvt=RQ+H4GEdsBQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small">Hi All,</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small"><br>
</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small">I am
successfully letting Apache auth against FreeIPA, but whatever
folder/files being created on WebDav server would be using
Apache user and group instead of login user/group, does anyone
know how to fix this?</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small"><br>
</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small">Kerberos
+ LDAP config:</div>
<div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small"><br>
</div>
<div class="gmail_default" style=""><font face="verdana,
sans-serif"><a moz-do-not-send="true"
href="http://pastebin.com/zpP3TEst">http://pastebin.com/zpP3TEst</a></font><br>
</div>
<div><br>
</div>
-- <br>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div><font face="verdana, sans-serif">Thomas Lau</font></div>
<div><font face="verdana, sans-serif">Director of
Infrastructure</font></div>
<div><font face="verdana, sans-serif">Tetrion Capital
Limited</font></div>
<div><font face="verdana, sans-serif"><br>
</font></div>
<div><font face="verdana, sans-serif">Direct:
+852-3976-8903</font></div>
<div><font face="verdana, sans-serif">Mobile:
+852-9323-9670</font></div>
<div><font face="verdana, sans-serif">Address: 20/F, IFC
1, Central district, Hong Kong</font></div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
Can you please give a bit more context and architecture? Are you
building you own WebDav server or using an existing implementation?
Which one?<br>
Not being familiar with the internals of WebDav I would assume that
impersonation would be a function of your WebDav server. However
AFAIU it would need to use something like oddjob to create files and
directories on the file system to make them be owned by the users.<br>
<br>
Also this might give you some hints on how we recommend to hook web
applications into IPA.<br>
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/Web_App_Authentication">http://www.freeipa.org/page/Web_App_Authentication</a><br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>