How I built an Apache front-end for a Windows Share with SSL and LDAP Authentication

09 Feb 2011

When my company migrated from Exchange 2003 to Exchange 2007, public folders became a big issue. Public folders were used to share documents with our road warriors. So to fix this we installed a SharePoint server.

The problem is that the SharePoint install was like using a rocket-propelled grenade to kill a fly. It became more of a problem than a nice way to distribute documents to the people on the road.

So I decided to set up a web-based front-end running Apache that points to the Windows share that everyone in our office uses.

1. Setting up the virtual machine in our VMware vSphere cluster

OS and SSH

I started by installing a basic Debian 5 server without the GUI stuff. I also installed SSH for remote access.

VMware Tools

I installed VMware tools on the newly created VM.

# apt-get install build-essential
# mount /cdrom
# cp /cdrom/VMware* /tmp
# umount /cdrom
# cd /tmp
# tar xvfz VMware*.gz
# cd vmware-tools-distrib/
# ./vmware-install.pl

2. Webserver

Apache 2.2

I installed apache2.2 by running the following command.

# aptitude install apache2

PHP5

PHP is not actually a part of this setup, but I figured that I would install it for future use.

# aptitude install php5 libapache2-mod-php5
# /etc/init.d/apache2 restart

Add support for MySQL in PHP

# aptitude install php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-json
# /etc/init.d/apache2 restart

3. Mount the Windows Share as part of the filesystem.

I mounted the share under /var/www (to make it simple).

# apt-get install smbfs 
# update-rc.d -f umountnfs.sh remove
# update-rc.d umountnfs.sh stop 15 0 6 .

I added the following to the fstab: (I have substituted the actual paths and share names with < ... >)

//<Windows fileserver>/<Windows share> /var/www/<Windows share> smbfs iocharset=utf8,file_mode=0777,dir_mode=0777,user=<domain>/<username>,password=<password>,gid=33 0 0

To mount the share:

# mount -a

4. Security settings

Block access to http://<serverURL>/<Windows share> over port 80 (unencrypted)

I added the following to /etc/apache2/sites-enabled/000-default:

<Directory /var/www/<Windows share> >
    Deny from All
</Directory>

Activate support for LDAP authentication in Apache

I created the following symlinks for mod_ldap and mod_authnz_ldap from /etc/apache2/mods-available to mods-enabled

SSL and LDAP authentication

I started by activating SSL by creating a symlink from the SSL configuration file (/etc/apache2/sites-available/default-ssl) to the /etc/apache2/sites-enabled directory.

Then I made the following changes to the configuration file.

<Directory /var/www/<Windows share>  >
    Order deny,allow
    Deny from All
    AuthType Basic
    AuthName "<Name of the share>"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPURL ldap://<Windows domaincontroller>:389/dc=<domain>,dc=<local>?sAMAccountName?sub     
    AuthLDAPBindDN "cn=<Bind user that checks the AD>,ou=<some ou with the user>,dc=<domain>,dc=local"
    AuthLDAPBindPassword <password for the binduser>
    Satisfy any
    require valid-user
</Directory>
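
An added check for the settings used in steps 3 and 4 above (example code, not from the original post): it flags an inline password= or 0777 modes in smbfs/cifs fstab entries, an AuthLDAPURL that reaches the domain controller without TLS, and an Apache config file that holds AuthLDAPBindPassword while being world-readable. The function names and the file paths passed to them are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Assumes no global LDAPTrustedMode directive upgrades ldap:// connections.

# True if the file's mode grants read to "other" (-H follows a symlink argument).
world_readable() {
    [ -n "$(find -H "$1" -prune -perm -004 2>/dev/null)" ]
}

# Findings for smbfs/cifs entries in an fstab-format file.
audit_fstab() {
    awk '$1 !~ /^#/ && ($3 == "smbfs" || $3 == "cifs") {
        opts = "," $4 ","
        if (opts ~ /,password=/)
            print "fstab: inline password for " $2 "; use credentials=<file> with mode 0600"
        if (opts ~ /,(file|dir)_mode=0*777,/)
            print "fstab: " $2 " is mounted with mode 0777"
    }' "$1"
}

# Findings for mod_authnz_ldap directives in an Apache config file.
audit_apache_ldap() {
    awk '{ d = tolower($1) }
    d == "authldapurl" {
        mode = (NF > 2) ? toupper($NF) : ""
        if ($2 !~ /^"?ldaps:/ && mode !~ /^(SSL|TLS|STARTTLS)$/)
            print "apache: AuthLDAPURL has no TLS; bind and user passwords reach the DC in cleartext"
    }
    d == "authldapbindpassword" { found = 1 }
    END { exit !found }' "$1" && world_readable "$1" &&
        echo "apache: $1 holds AuthLDAPBindPassword and is world-readable"
    return 0
}

# Usage: sh audit.sh /etc/fstab /etc/apache2/sites-available/default-ssl
if [ "$#" -eq 2 ]; then
    audit_fstab "$1"
    audit_apache_ldap "$2"
fi
```

An fstab entry that uses credentials=<file> and an AuthLDAPURL that starts with ldaps:// or ends in STARTTLS produce no findings.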

5. Creating the redirect from http to https

Pretty much every user will open http://<serverURL>/<Windows share> instead of https://<serverURL>/<Windows share>. So I have to create an automatic redirect.

I created the following /var/www/index.php file.

<?php
// Send the redirect and stop, so no page body follows the Location header.
header('Location: https://<serverURL>/<Windows share>');
exit;
?>

6. Nicer looking icons on my index page

I didn't like the standard Apache index look so I did the following.

# cd /tmp
# apt-get install bzr
# bzr get http://code.ecchi.ca/apache-tango-icons
# cd apache-tango-icons
# ./install.sh

I have also changed the /etc/apache2/mods-enabled/autoindex.conf

IndexIgnore .??* ~* Thumbs.db *.lnk SyncToy_*
IndexStyleSheet "/icons/style.css"

I created/changed the /usr/share/apache2/icons/style.css with the following content.

body {
    font: 85% Arial,Helvetica,Sans-serif;
    color: #444;
    line-height: 2.2em;
    background: #f9f7f5;
}
a:link, a:visited { color: #4265a7; }
.entry a:link, .entry a:visited { font-weight: bold; }
a:hover { color: #993333; }

address {display: none}
table {
    border-collapse: collapse;
    width: 80%;
}
td, th {
  padding: 2px;
}
