Tamino WebDav Server Security - Missing ACL

Hello,
I have a problem with the Tamino WebDAV Server security concept that I would like to discuss here.

My Installation:
W2K Server
IIS
Tamino XML-Server 3.1.1.1
Tamino WebDAV Server Version 3.1.1.6

I followed the steps that are described in the WebDAV documentation (page 25) with the aim of getting full access privileges
to the xdav:metadata collection and all WebDAV-enabled collections.

1. Tamino Manager: Databases->mydb->properties->xml “allow non-authenticated users” is set to “yes”
2. Restart of the Tam-XML-Server

Now, as described in the documentation, this should happen:
1. The user “tws” will be defined by the group “taminowebdavserverwritegroup”.
But on my system:
1. The user “inodavuser” was created and defined by the group “taminowebdavserverwritegroup” (until then only the naming of the user is different)

Documentation:
2.a. Check the group’s access privileges by selecting “<HOST_MACHINE> > Tamino > Databases > <DB_name> > Security Manager > User Groups >
taminowebdavserverwritegroup”. It should have the member tws (inodavuser) and the Access Control List “taminowebdavserverwriteaccess”.

2.b. Check the group’s access by selecting “<HOST_MACHINE> > Tamino > Databases >
<DB_name> > Security Manager > User Groups > <DB_name>”.
The user group “mycoll” has no members and the ACL “taminowebdavserverreadaccess”

My system:
2.a. My “taminowebdavserverwritegroup” has the same settings as described in the documentation, that means member = “inodavuser” and ACL =
“taminowebdavserverwriteaccess”

2.b. The counterpart of the user group “mycoll” on my system has no members and the ACL “taminowebdavserverreadaccess”

So until then everything is still OK, but now my problems arise:

As mentioned in the documentation, you should have 2 ACLs at this point:
the “taminowebdavserverreadaccess” and the “taminowebdavserverwriteaccess”. But all that I have is the taminowebdavserverreadaccess
ACL, and as I mentioned under 2.a., my taminowebdavserverwritegroup is pointing to the ACL “taminowebdavserverwriteaccess”,
which I just don't have.

Furthermore, I was unable to connect to the WebDAV server until I set the flag of “allow non-authenticated users” back to “no”.
After that I was able to reach the service and browse through my colls with the MS Explorer, but I'm still bound to read access.

Could anyone please provide me with some advice or hints?

Thank you very much,
Chris

Hi Chris,

After installation of the Tamino WebDAV server your system should be set up like in the documentation.

You need a group ‘taminowebdavserverwritegroup’ that should contain just the user ‘tws’, and an ACL named ‘taminowebdavserverwriteaccess’. This ACL should contain one ACE pointing to the xdav:metadata collection in your database with the ‘write’ right definition. Additionally, it should contain an ACE for each collection you have WebDAV-enabled, also defining write access. The reason for this definition is that just the user ‘tws’ should have write access to the xdav:metadata and the WebDAV-enabled collections. With this definition it should be possible to access your collection via WebDAV. If your taminowebdavserverwriteaccess ACL is missing, go to the Tamino Manager and define it like I have written above (ACL pointing to xdav:metadata…).

If you still do not get WebDAV to run, or you would like to do read/write access to your collection without using WebDAV, remove the taminowebdavserverwriteaccess and taminowebdavserverreadaccess ACLs. But I warn against doing updates on the xdav:metadata or WebDAV-enabled collections without using WebDAV. In this case you can run into inconsistencies between the WebDAV-enabled collections and the WebDAV metadata.

regards Eckehard

[This message was edited by Ulrike Helfrich on 10 Apr 2002 at 07:41.]
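
The layout described in the reply above, and the dangling ACL reference from the original question, can be checked mechanically. The following is an added example, not part of the thread and not Tamino code: the security settings are modelled as plain Python dictionaries (an assumed representation, not a Tamino export format), `audit_webdav_security` is a hypothetical helper, and the rights "write" and "full" are assumed to be the ones that grant write access.

```python
# Added example: constructed model of the Security Manager settings in this thread.
METADATA = "xdav:metadata"
WRITE_RIGHTS = ("write", "full")  # assumption: these rights allow writing

def audit_webdav_security(groups, acls, webdav_collections,
                          write_group="taminowebdavserverwritegroup",
                          write_user="tws"):
    """Return a list of findings; an empty list means the model is consistent."""
    findings = []
    # 1. Every ACL a group points to must actually be defined.
    for name, group in sorted(groups.items()):
        for acl in group["acls"]:
            if acl not in acls:
                findings.append(f"group {name}: references missing ACL {acl}")
    group = groups.get(write_group)
    if group is None:
        return findings + [f"group {write_group}: not defined"]
    # 2. Only the WebDAV server's own user belongs in the write group.
    if write_user not in group["members"]:
        findings.append(f"group {write_group}: member {write_user} missing")
    extra = sorted(set(group["members"]) - {write_user})
    if extra:
        findings.append(f"group {write_group}: unexpected members {extra}")
    # 3. The write group needs a write ACE for xdav:metadata and for
    #    every WebDAV-enabled collection.
    granted = {node for acl in group["acls"] if acl in acls
               for node, right in acls[acl].items() if right in WRITE_RIGHTS}
    for node in [METADATA] + sorted(webdav_collections):
        if node not in granted:
            findings.append(f"group {write_group}: no write ACE for {node}")
    return findings

# Constructed sample: the state reported in the question (the write ACL is
# referenced by the group but does not exist). The read ACL's ACEs are assumed.
REPORTED_GROUPS = {
    "taminowebdavserverwritegroup": {"members": ["inodavuser"],
                                     "acls": ["taminowebdavserverwriteaccess"]},
    "mycoll": {"members": [], "acls": ["taminowebdavserverreadaccess"]},
}
REPORTED_ACLS = {
    "taminowebdavserverreadaccess": {METADATA: "read", "mycoll": "read"},
}

if __name__ == "__main__":
    for finding in audit_webdav_security(REPORTED_GROUPS, REPORTED_ACLS,
                                         ["mycoll"], write_user="inodavuser"):
        print(finding)
```
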

Hi Eckehard,

First I'd like to thank you for your reply :wink:
After reading your explanation I was able to set up a writeuser, a writegroup and an ACL with the right permission.
User: “writeuser”, member of writegroup
Group: “writegroup” with ACL writeaccesslist
ACL: “writeaccesslist” applies to user group “writegroup”, contains node “nameofcollection” and “xdav:metadata” with full permission

Now I'm able to work via WebDAV with my collection.

But I'm still unable to find out why my installation doesn’t automatically create the ACL “taminowebdavserverwriteaccess” as it should.
Nevertheless, thank you very much.

regards

Chris

Hi Chris,

It sounds like an installation problem, so we will check it.

regards Eckehard

Hello Chris,

After you changed the DB parameter, did you restart both the Tamino DB Server AND then the Tamino WebDAV Server?

The security entries are checked (and created on the fly) each time webDAV is re-started.

Best regards

Juergen