I'm trying to setup Trac, using mod_wsgi, LDAP and a xml theming proxy
called collective.xdv.
Thanks to users on this list I've got pretty close, using the Apache
configuration below, however I'm encountering the following 2 major
issues:
1) I've noticed that during testing, if I access the Trac site via
8202, the 8022 site errors with 'RuntimeError: instance.__dict__ not
accessible in restricted mode' and will not work again till Apache is
restarted. 8202 still works regardless of if 8022 is erroring or
accessed. This seems related to this Trac bug:
http://trac.edgewall.org/ticket/3371 . But I'm not using mod_python
and WSGIProcessGroup and WSGIApplicationGroup are the same value.
(More detail regarding this problem is also here:
http://serverfault.com/questions/180850 )
2) LDAP on Trac only works via port 8202, not via 8022. Fairly
obviously because that's where the rule is set-up. But the rest of the
site on 8022 doesn't need to be LDAP protected. How do I apply the
LDAP authentication behind the proxy? Can the proxy somehow inherit
the authentication rule when Trac is requested? (More detail regarding
this problem is also here: http://serverfault.com/questions/180845 )
I'd appreciate any input this list might have.
<VirtualHost foo.bar.com:8022>
ServerName foo.bar.com
ServerAlias foo.bar.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^/(.*) http://0.0.0.0:8002/$1 [P]
</VirtualHost>
<VirtualHost foo.bar.com:8202>
ServerName foo.bar.com
ServerAlias foo.bar.com
<Directory "/home/web/foo/parts/trac/tracwsgi/cgi-bin">
WSGIDaemonProcess trac stack-size=524288
python-path=/usr/lib/python2.5/site-packages
WSGIScriptAlias /trac
/home/web/foo/parts/trac/tracwsgi/cgi-bin/trac.wsgi
WSGIProcessGroup %{GLOBAL}
WSGIApplicationGroup %{GLOBAL}
Options +Indexes FollowSymLinks
AllowOverride None
Allow from all
Order allow,deny
</Directory>
<Location "/trac">
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Login"
AuthLDAPURL "ldap://127.0.0.1:389/dc=foo-bar,dc=org?uid";
AuthLDAPBindDN "cn=admin, dc=foo-bar, dc=org"
AuthLDAPBindPassword secretword
require valid-user
</Location>
</VirtualHost>
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to trac-us...@googlegroups.com.
To unsubscribe from this group, send email to
trac-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en.
