Skip to content

Commit

Permalink
link the Active Directory example in the howto section
Browse files Browse the repository at this point in the history
  • Loading branch information
drakkan committed Mar 22, 2021
1 parent 79060d3 commit 28f1d66
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 23 deletions.
1 change: 1 addition & 0 deletions docs/howto/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@
Here we collect step-to-step tutorials. SFTPGo users are encouraged to contribute!

- [SFTPGo with PostgreSQL data provider and S3 backend](./postgresql-s3.md)
- [SFTPGo on Windows with Active Directory Integration + Caddy Static File Server](https://www.youtube.com/watch?v=M5UcJI8t4AI)
43 changes: 21 additions & 22 deletions examples/php-activedirectory-http-server/README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# php-activedirectory-http-server
# SFTPGo on Windows with Active Directory Integration + Caddy Static File Server Example

[![SFTPGo on Windows with Active Directory Integration + Caddy Static File Server Example](https://img.youtube.com/vi/M5UcJI8t4AI/0.jpg)](https://www.youtube.com/watch?v=M5UcJI8t4AI)

Expand All @@ -8,18 +8,17 @@ The Youtube Walkthrough/Tutorial video above goes into considerable more detail,

Additionally, I go through using the Caddy web server, to help enable serving of static files, if this is something that would be of interest for you.

To get started, you'll want to download the latest release ZIP package from the `sftpgo-ldap-http-server` repository:
* https://github.com/orware/sftpgo-ldap-http-server
To get started, you'll want to download the latest release ZIP package from the [sftpgo-ldap-http-server repository](https://github.com/orware/sftpgo-ldap-http-server).

The ZIP itself contains the `sftpgo-ldap-http-server.exe` file, along with an `OpenLDAP` folder (mainly to help if you want to use TLS for your LDAP connections), and a `Data` which contains a logs folder, a configuration.example.php file, a functions.php file, and the LICENSE and README files.

The video above goes through the whole process, but to get started you'll want to install SFTPGo on your server, and then extract the `sftpgo-ldap-http-server` ZIP file on the server as well into a separate folder. Then you'll want to copy the configuration.example.php file and name it `configuration.php` and begin customizing the settings (e.g. add in your own LDAP settings, along with how you may want to have your folders be created). At the very minimum you'll want to make sure that the home directories are set correctly to how you want the folders to be created for your environment (you don't have to use the virtual folders or really any of the other functionality if you don't need it).

Once configured, from a command prompt window, if you are already in the same folder as where you extracted the `sftpgo-ldap-http-server` ZIP, you may simply call the `sftpgo-ldap-http-server.exe` and it should start up a simple HTTP server on Port 9001 running on localhost (the port can be adjusted via the `configuration.php` file as well). Now all you have to do is point SFTPGo's `external_auth_hook` option to point to `http://localhost:9001/` and you should be able to run some authentication tests (assuming you have all of your settings correct and there are no intermediate issues).
Once configured, from a command prompt window, if you are already in the same folder as where you extracted the `sftpgo-ldap-http-server` ZIP, you may simply call the `sftpgo-ldap-http-server.exe` and it should start up a simple HTTP server on Port 9001 running on localhost (the port can be adjusted via the `configuration.php` file as well). Now all you have to do is point SFTPGo's `external_auth_hook` option to point to `http://localhost:9001/` and you should be able to run some authentication tests (assuming you have all of your settings correct and there are no intermediate issues).

The video above definitely goes through some troubleshooting situations you might find yourself coming across, so while it is long (at about 1 hour, 42 minutes), it may be helpful to review and avoid some issues and just to learn a bit more about SFTPGo and the integration above.

## Example Virtual Folders Configuration (Allowing for Both a Public and Private Folder):
## Example Virtual Folders Configuration (Allowing for Both a Public and Private Folder)

The following can be utilized if you'd like to assign your users both a Private Virtual Folder and Public Virtual Folder.

Expand Down Expand Up @@ -52,7 +51,7 @@ $virtual_folders['example'] = [
];
```

## Example Connection "Output Object" Allowing For No Files in the User's Home Directory ("Root Directory") but Allowing for Files in the Public/Private Virtual Folders:
## Example Connection "Output Object" Allowing For No Files in the User's Home Directory ("Root Directory") but Allowing for Files in the Public/Private Virtual Folders

The magic here happens in the "permissions" value, by limiting the root/home directory to just the list/download permissions, and then allowing all permissions on the Public/Private virtual folders.

Expand Down Expand Up @@ -82,7 +81,7 @@ $connection_output_objects['example'] = [
];
```

## Recommended Usage of Automatic Groups Mode (Limiting by Group Prefix):
## Recommended Usage of Automatic Groups Mode (Limiting by Group Prefix)

The `sftpgo-ldap-http-server` project is able to automatically create virtual folders for any groups your user is a memberof if the automatic mode is turned on. However, by having a specific set of allowed prefixes defined, you can limit things to just those groups that begin with the prefixes you've listed, which can be helpful. The prefix itself will be removed from the group name when added as a virtual folder for the user.

Expand Down Expand Up @@ -114,25 +113,25 @@ $allowed_group_prefixes = [
];
```

## Example Caddyfile Configuration You Can Adapt for Your Needs:
## Example Caddyfile Configuration You Can Adapt for Your Needs

```
```shell
### Re-usable snippets:

(add_static_file_serving_features) {

# Allow accessing files without requiring .html:
try_files {path} {path}.html

# Enable Static File Server and Directory Browsing:
file_server browse

# Enable templating functionality:
templates

# Enable Compression for Output:
encode zstd gzip

handle_errors {
respond "<pre>{http.error.status_code} {http.error.status_text}</pre>"
}
Expand All @@ -141,16 +140,16 @@ $allowed_group_prefixes = [
(add_hsts_headers) {
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always

# connect via HTTPS (do not use if only testing)
Strict-Transport-Security "max-age=31536000; includeSubDomains"

# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"

# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"

# Disallow the site to be rendered within a frame (clickjacking protection)
X-Frame-Options "DENY"

Expand All @@ -166,7 +165,7 @@ $allowed_group_prefixes = [
roll_keep 5
roll_keep_for 720h
}

format json
#format console
#format single_field common_log
Expand All @@ -176,10 +175,10 @@ $allowed_group_prefixes = [
### Site Definitions:

public.example.com {

# Site Root:
root * F:\files\public

import add_logging_with_path "F:\caddy\logs\public_example_com_access.log"
import add_static_file_serving_features
import add_hsts_headers
Expand All @@ -190,7 +189,7 @@ public.example.com {

webdav.example.com {
reverse_proxy localhost:9000

import add_logging_with_path "F:\caddy\logs\webdav_example_com_access.log"
}
```
```
4 changes: 3 additions & 1 deletion webdavd/webdavd_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1710,7 +1710,9 @@ func TestClientCertificateAuthRevokedCert(t *testing.T) {
client := getWebDavClient(user, true, tlsConfig)
err = checkBasicFunc(client)
if assert.Error(t, err) {
assert.Contains(t, err.Error(), "bad certificate")
if !strings.Contains(err.Error(), "bad certificate") && !strings.Contains(err.Error(), "broken pipe") {
t.Errorf("unexpected error: %v", err)
}
}

_, err = httpdtest.RemoveUser(user, http.StatusOK)
Expand Down

0 comments on commit 28f1d66

Please sign in to comment.