Hi,
I'm configuring the Request Tracker to use Apache authentication. I've
had RT running for quite a few years, but (up to this point) only
using its internal database for authentication.
Software:
* CentOS 4.8
* Apache 2.0.63
* RT 4.0.2
* mod_fastcgi 2.4.6
I created a Directory directive for /opt/rt4 that enables the LDAP
authentication. This works really well but breaks their mail-gateway
functionality (because this script is unable to perform
authenticatation). I used a SetEnvIf parameter to exclude the two
directories from authentication and it worked well (only the REST
directory is required for the mail-gateway to work, though). However,
the RT developers recommend restricting access to mail-gateway to
127.0.0.1 as it's used to inject tickets, via email, into RT's
database--I haven't been able to get this to work. I've tried a number
of combinations of Directory, Files, and Location directives without
any success. Here's a sanitized version of my Apache config for this
virtual host (a working configuration without the above mentioned
127.0.0.1 restriction):
<VirtualHost *:80>
ServerName sub.domain.tld
RewriteEngine On
#RewriteLog /var/log/httpd/modrewrite_log
#RewriteLogLevel 9
RewriteCond %{HTTP_HOST} sub.domain.tld [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^/(.*) https://sub.domain.tld:4431/$1
</VirtualHost>
Listen 4431
<VirtualHost *:4431>
ServerName sub.domain.tld
SSLEngine On
SSLCertificateFile /etc/httpd/conf.d/sub.domain.tld-cert.pem
SSLCertificateKeyFile /etc/httpd/conf.d/sub.domain.tld-key.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
AddDefaultCharset UTF-8
FastCgiServer /opt/rt4/sbin/rt-server.fcgi -processes 5
-idle-timeout 300
Alias /NoAuth/images/ /opt/rt4/share/html/NoAuth/images/
ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/
DocumentRoot /opt/rt4/share/html
<Directory /opt/rt4>
AuthType Basic
AuthName "Request Tracker Login"
AuthLDAPEnabled on
AuthLDAPAuthoritative on
AuthLDAPUrl
"ldap://host.domain.local/OU=OrgUnit1,OU=OrgUnit2,DC=domain,DC=local?sAMAccountName?sub?(|(objectCategory=Person)(objectClass=*))"
AuthLDAPBindDN
"CN=commonName,OU=People,OU=OrgUnit1,OU=OrgUnit2,DC=domain,DC=local"
AuthLDAPBindPassword **********
Require valid-user
# Allow anyone access to the "/NoAuth" location.
SetEnvIf Request_URI "^/(NoAuth|REST/1.0/NoAuth)(.*)$" allow
Order deny,allow
Allow from env=allow
Satisfy Any
</Directory>
<Directory /opt/rt4/share/html>
Order deny,allow
Deny from all
Options +ExecCGI
AddHandler fastcgi-script fcgi
</Directory>
</VirtualHost>
Can someone help me get my desired configuration to work? I've been
playing around with it for hours and haven't had any success.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
