Re: [galaxy-dev] LDAP authentification

[Langhorst, Brad]

Hi Sarah:

I don't know what kind of LDAP you're talking to... I'm talking to Active
Directory and this configuration works in that situation.

Order allow,deny
                allow from all

                AuthType Basic
                AuthName "NEB Credentials"
                AuthBasicProvider ldap
                AuthzLDAPAuthoritative off
                AuthLDAPBindDN ccaloo...@neb.com
                AuthLDAPBindPassword <password>
                AuthLDAPURL
"ldap://<ldap.domain.com>:389/dc=domain,dc=com?sAMAccountName"
                require valid-user
                
                RewriteCond %{IS_SUBREQ} ^false$
                RewriteCond %{LA-U:REMOTE_USER} (.+)
                RewriteRule . - [E=RU:%1]
                RequestHeader set REMOTE_USER
%{AUTHENTICATE_sAMAccountName}e


-- 
Brad Langhorst
New England Biolabs
langho...@neb.com

 





On 1/19/12 8:59 AM, "Sarah Maman" <sarah.ma...@toulouse.inra.fr> wrote:

>Hello,
>
>I'm trying to install galaxy on a apache server,and i have the same
>error message than David HOOVER when i tried to generate the
>authentification files. Thanks to David Hoover who gives me some helpful
>explanation.
>
>When i read the thread on gmod, it seems,that the problem is solved
>(http://gmod.827538.n3.nabble.com/trouble-with-authentication-through-Apac
>he-td1809681.html 
><http://gmod.827538.n3.nabble.com/trouble-with-authentication-through-Apac
>he-td1809681.html>)
>but I did not find the solution in my case.
>
>I use LDAP authentification and Galaxy is implemented on a VM.
>
>Could you please explain me how to solve it.  I really need help.
>
>I modified universe file ( in galaxy-dist) and i created .htaccess file
>in galaxy-dist/ :
>* in universe_wsgi.ini:
>
>use_remote_user = True
>remote_user_maildomain = example.org <http://example.org>
>
>* in .htaccess file in galaxy-dist/ Directory :
>
>   1 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_1> # Define Galaxy as a
>valid Proxy
>   2 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_2> <Proxy
>http://localhost:8080>
>   3 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_3>     Order deny,allow
>   4 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_4>     Allow from all
>   5 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_5> </Proxy>
>   6 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_6> #!highlight apache
>   7 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_7> <Location "/">
>   8 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_8>     AuthType Basic
>   9 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_9>     AuthBasicProvider
>*ldap*
>  10 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_10>     Auth*LDAP*URL
>"*ldap*://server:389/ou=People,dc=example,dc=org?uid?sub?(objectClass=pers
>on)"
>  11 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_11>
>Authz*LDAP*Authoritative off
>  12 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_12>     Require valid-user
>  13 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_13>     # Set the
>REMOTE_USER header to the contents of the *LDAP* query response's "uid"
>attribute
>  14 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_14>     RequestHeader set
>REMOTE_USER %{AUTHENTICATE_uid}e
>  15 
><http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy?highlight=%28Ldap%2
>9#CA-e07a9dbbf4f816c0970d4995f4abb957a6683638_15> </Location>
>
>with location, AuthBasicProvider and proxy competed
>
>But i have the error :
>
>Access to Galaxy is denied
>
>Galaxy is configured to authenticate users via an external method (such
>as HTTP authentication in Apache), but a username was not provided by
>the upstream (proxy) server. This is generally due to a misconfiguration
>in the upstream server.
>
>Thank you, and best regards
>
>Sarah Maman
>
>
>___________________________________________________________
>Please keep all replies on the list by using "reply all"
>in your mail client.  To manage your subscriptions to this
>and other Galaxy lists, please use the interface at:
>
>  http://lists.bx.psu.edu/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/