The problem: 
The goal is public per-user WebDAV storage. Each easer can write its own
directory, but not the others. We also need to auto-create user directories
as they are needed

The solution, authenticating using LDAP:

LoadModule dav_module /usr/pkg/lib/httpd/mod_dav.so
LoadModule dav_fs_module /usr/pkg/lib/httpd/mod_dav_fs.so
LoadModule ldap_module /usr/pkg/lib/httpd/mod_ldap.so
LoadModule authnz_ldap_module /usr/pkg/lib/httpd/mod_authnz_ldap.so
LoadModule auth_basic_module /usr/pkg/lib/httpd/mod_auth_basic.so
LoadModule mkdir_module /usr/pkg/lib/httpd/mod_mkdir.so
#
# (...)
#
# must install -d -u www -g www -m 0775 /var/db/httpd/DavLock
DavLockDB /var/db/httpd/DavLock/DavLock

LDAPTrustedGlobalCert CA_BASE64 /etc/openssl/certs/cacert.crt

<Location /webdav>
    Options +SymLinksIfOwnerMatch -Indexes
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "WebDAV"
    AuthLDAPURL "ldaps://ldap.example.net/dc=example,dc=net?uid?sub?(objectClass=*)"
    AuthLDAPRemoteUserAttribute uid
    Dav On 
    <Limit PROPFIND PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
      Require valid-user
    </Limit>
</Location> 

<Directory /htdocs/webdav/>
    # directory auto-creation
    MkdirEnable On
    MkdirMaxDepth 1
    MkdirMethods PROPFIND PUT
    
    # Allow write access only to user's own directory
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(PROPFIND|PUT|POST|DELETE|PROPPATCH|MKCOL|COPY|MOVE|LOCK|UNLOCK)$
    RewriteCond %{REMOTE_USER} ^(.+)
    RewriteCond %1:$1 !^([^:]+):\1$
    RewriteRule ^([^/]+) - [F,L]
</Directory>


