April 16, 2011

Making Lotus Domino WebDAV actually work

Configuring Lotus Domino WebDAV for third-party tools development has had us struggling a few days until we succeeded on make it actually work. There is a good article here that explains the basis of allowing WebDAV into your server.

However, that’s not all of it. The method above will never work unless you set the right permissions for the user ‘anonymous’ to the database you want to access. That’s it: individual database access must be configured, as it is explained here. The official reference can be also of help, although a bit outdated.

Even then, we had a lot of trouble working with the WebDAV enabled browsing. Under Windows 7 with Explorer, it seemed not allow any kind of file copying – but it allowed to create folders and files by right clicking directly on the directory, though. Also, we were having problems on MAC OS Finder in form of random write errors. All this stuff was pretty confusing and unclear on every forum and blog that we visited for help.

So, eventually, we found out a solution: do not use Explorer nor Finder at all! There are good WebDAV tools that work much like an FTP client (like Cyberduck or BitKinex’s WebDAV client that work very well and do not present the problems we had with the OS built-in clients.

In addition, both clients support authentication, which allows to connect using our own credentials instead of having to open the database access to all anonymous connections (a clearly potential security breach). We just had to configure the database to support ‘design locking’ since it is used by some WebDAV clients on write operations.

To sum up, the key points to make Lotus Domino WebDAV work are:

  • Configure the server to allow WebDAV connections. This is done once for all databases.
  • Configure the database for design blocking (required for some clients) – no need to change access permissions!!
  • Use any other WebDAV client than the OS’s built-in ones.

Update: It seems like Domino requires specific permission rules for the databases being accessed via WebDAV. A user ‘Anonymous’ is required with explicitely no access at all: otherwise, when trying to connect with your own user, being a web interface (whose default user is, by the way, ‘Anonymous’), Domino seems to stop processing access rules at this profile, therefore not allowing any further connection.