Hello,

I managed to connect to Galaxy to LDAP ;-)
Three points were blocking for me:
* Being root of my virtual machine can carry out tests
* I confused login / password of two LDAP, so I thought that my authentication method was not good while I was using the wrong password ...
* It is better not to go through a proxy

1 - Set configuration file of Galaxy: universe_wsgi.ini to delegate user authentication to an upstream proxy Apache:
Users and Security
use_remote_user = True
remote_user_maildomain = toulouse.inra.fr

2 - Create a file type "htaccess" file named galaxy.conf (in / etc / httpd / conf.d /): For reasons of performance and safety, it is advisable not to use a. htaccess but a galaxy.conf file in the main server configuration (Apache), because the latter will be charged a once when the server starts. With an .htaccess file, this file will be charged at each access.

RewriteEngine on
<Location "/galaxy">
# Define the authentication method
AuthType Basic
AuthName "Galaxy"
AuthBasicProvider ldap
AuthLDAPURL "ldap :/ / server URL: 389/..."
AuthzLDAPAuthoritative off
Require valid-user
RequestHeader set REMOTE_USER %{AUTHENTICATE_uid}e
</ Location>
RewriteRule ^ / $ galaxy / galaxy / [R]
RewriteRule ^ / galaxy / static / style / (. *) / var/www/html/galaxy/static/june_2007_style/blue / $ 1 [L] RewriteRule ^ / galaxy / static / scripts / (. *) /vVar / www / html / galaxy / static / scripts / packed / $ 1 [L] RewriteRule ^ / galaxy / static / (. *) / var / www / html / galaxy / static / $ 1 [L] RewriteRule ^ / galaxy / favicon.ico / var / www / html / galaxy / static / favicon.ico [L] RewriteRule ^ / galaxy / robots.txt / var / www / html / galaxy / static / robots.txt [L]
RewriteRule ^ / galaxy (. *) http://ip:port $ 1 [P]



As Galaxy is not installed in root directory but in a galaxy directory (var / www / html / galaxy /), so following changes are needed:

1 - Add a RewriteRule

2 - Do not go through a proxy

3 - REMOTE_USER variable is AUTHENTICATE_uid ( AUTHENTICATE_ sAMAccountName for Windows AD)

4 - To generate dynamic URLs, it is necessary to configure prefix in universe_wsgi.ini :
[Filter: proxy-prefix]
use = egg: # prefix PasteDeploy
prefix = / galaxy
[App: main]
filter-with = proxy-prefix
cookie_path = / galaxy

If you are not root on the virtual machine, create a symlink from / etc / httpd / conf.d / to galaxy.conf


3 - Some useful checks

Verify Apache version and Apache modules because each directive must have an associated module:

Directive → Related module (which mod_ldap)
AuthType → mod_auth_basic.so
AuthBasicProvider → mod_authnz_ldap and mod_authz_ldap
Rewrite (for proxy) → mod_rewrite.so
RequestHeader→ mod_headers


Check that the galaxy is installed on ldap using this command: ldapsearch-x-h LDAP URL : port-b "dc"

When you make a modification in galaxy.conf, restart Apache (or graful).

In httpd.conf, so that access management is authorized by the file. #
# AccessFileName: The name of the file to look for in EACH directory
# For additional configuration directives. See also the AllowOverride
# Directive.
#
AccessFileName. Htaccess

Check: Chmod 777 galaxy.conf


4 - Finally, restart run.sh (sh run.sh &)


Thanks A LOT for your help,
Sarah
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

 http://lists.bx.psu.edu/

Reply via email to