httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Hadley <jon.had...@gmail.com>
Subject [users@httpd] LDAP authentication behind proxy?
Date Tue, 14 Sep 2010 22:39:06 GMT
In the following, the service on 8002 is a theming proxy, which also proxies the trac service
on 8202 (among other things).  All public requests come via 8022 (a testing port, that would
usually be 80)

The problem is, LDAP authentication (fairly obviously) only works when accessing the trac
site via the latter port 8202, not via 8002, or indeed 8022. 

Is there *any* way of configuring apache so it works on the other port too?

More background here: http://serverfault.com/questions/180845/

 
<VirtualHost foo.bar.com:8022>
           ServerName foo.bar.com
           ServerAlias foo.bar.com

           ProxyRequests Off
           <Proxy *>
               Order deny,allow
               Allow from all
           </Proxy>

           ProxyPreserveHost On

           RewriteEngine On
           RewriteCond %{HTTP:Authorization} ^(.*)
           RewriteRule ^/(.*) http://0.0.0.0:8002/$1 [P]

</VirtualHost>

	WSGIDaemonProcess trac stack-size=524288 python-path=/usr/lib/python2.5/site-packages
	WSGIScriptAlias /trac /home/web/foo/parts/trac/tracwsgi/cgi-bin/trac.wsgi
	WSGIProcessGroup trac
	WSGIApplicationGroup %{GLOBAL}

   <VirtualHost foo.bar.com:8202>
           ServerName foo.bar.com
           ServerAlias foo.bar.com

           <Directory "/home/web/foo/parts/trac/tracwsgi/cgi-bin">
                   Options +Indexes FollowSymLinks
                   AllowOverride None
                   Allow from all
                   Order allow,deny
           </Directory>

           <Location "/trac">
                   AuthBasicProvider ldap
                   AuthType Basic
                   AuthzLDAPAuthoritative off
                   AuthName "Login"
                   AuthLDAPURL "ldap://127.0.0.1:389/dc=foo-bar,dc=org?uid"
                   AuthLDAPBindDN "cn=admin, dc=foo-bar, dc=org"
                   AuthLDAPBindPassword secretword
                   require valid-user
           </Location>

   </VirtualHost>





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message