To answer #2, HTTP authentication is a local system only, it does not work
with proxies like that.

--Noah

> -----Original Message-----
> From: trac-users@googlegroups.com [mailto:trac-us...@googlegroups.com]
> On Behalf Of Jon Hadley
> Sent: Tuesday, September 14, 2010 12:41 AM
> To: trac-users@googlegroups.com
> Subject: [Trac] Trac + Ldap - Restricted mode error
> 
> I'm trying to set up Trac, using mod_wsgi, LDAP and an XML theming proxy
> called collective.xdv.
> 
> Thanks to users on this list I've got pretty close, using the Apache
> configuration below, however I'm encountering the following 2 major
> issues:
> 
>       1) I've noticed that during testing, if I access the Trac site via
> 8202, the 8022 site errors with 'RuntimeError: instance.__dict__ not
> accessible in restricted mode' and will not work again till Apache is
> restarted. 8202 still works regardless of if 8022 is erroring or
> accessed. This seems related to this Trac bug:
> http://trac.edgewall.org/ticket/3371 . But I'm not using mod_python
> and WSGIProcessGroup and WSGIApplicationGroup are the same value.
> (More detail regarding this problem is also here:
> http://serverfault.com/questions/180850 )
> 
>       2) LDAP on Trac only works via port 8202, not via 8022. Fairly
> obviously because that's where the rule is set up. But the rest of the
> site on 8022 doesn't need to be LDAP protected. How do I apply the
> LDAP authentication behind the proxy? Can the proxy somehow inherit
> the authentication rule when Trac is requested? (More detail regarding
> this problem is also here: http://serverfault.com/questions/180845 )
> 
> I'd appreciate any input this list might have.
> 
> 
> 
>     <VirtualHost foo.bar.com:8022>
>             ServerName foo.bar.com
>             ServerAlias foo.bar.com
> 
>             ProxyRequests Off
>             <Proxy *>
>               Order deny,allow
>               Allow from all
>             </Proxy>
> 
>             ProxyPreserveHost On
> 
>             RewriteEngine On
>             RewriteCond %{HTTP:Authorization} ^(.*)
>             RewriteRule ^/(.*) http://0.0.0.0:8002/$1 [P]
> 
> 
>     </VirtualHost>
> 
> 
>     <VirtualHost foo.bar.com:8202>
>             ServerName foo.bar.com
>             ServerAlias foo.bar.com
> 
>             <Directory "/home/web/foo/parts/trac/tracwsgi/cgi-bin">
>                     WSGIDaemonProcess trac stack-size=524288 python-path=/usr/lib/python2.5/site-packages
>                     WSGIScriptAlias /trac /home/web/foo/parts/trac/tracwsgi/cgi-bin/trac.wsgi
>                     WSGIProcessGroup %{GLOBAL}
>                     WSGIApplicationGroup %{GLOBAL}
>                     Options +Indexes FollowSymLinks
>                     AllowOverride None
>                     Allow from all
>                     Order allow,deny
>             </Directory>
> 
>             <Location "/trac">
>                     AuthBasicProvider ldap
>                     AuthType Basic
>                     AuthzLDAPAuthoritative off
>                     AuthName "Login"
>                     AuthLDAPURL "ldap://127.0.0.1:389/dc=foo-bar,dc=org?uid"
>                     AuthLDAPBindDN "cn=admin, dc=foo-bar, dc=org"
>                     AuthLDAPBindPassword secretword
>                     require valid-user
>             </Location>
> 
>     </VirtualHost>
> 
> --
> You received this message because you are subscribed to the Google
> Groups "Trac Users" group.
> To post to this group, send email to trac-us...@googlegroups.com.
> To unsubscribe from this group, send email to trac-
> users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/trac-users?hl=en.

