[Trac] Apache, Trac and LDAP - how to glue them all together?

[Jon Hadley]

I'm trying to set-up Trac to authorise users via the LDAP plugin on a Debian 
(Lenny) server. 

LDAP appears to be working correctly, I can query successfully via:

        ldapsearch -vLx -h 127.0.0.1 -b "dc=example, dc=com" "(sn=mysurname)"
        
And if i purposely break my Apache LDAP address settings I can see errors in 
/var/log/apache2/error.log

        2010-08-27 17:19:38,909 Trac[api] WARNING: LDAP error: No such object 
(dc=examplefoo,dc=com)

When I visit http://example.com:8022/trac and click the login button the 
authentication window pops up, __however__, when I enter a correct 
username/password I just get a Trac web page with:


        Trac Error
        Authentication information not available. Please refer to the 
installation documentation.

        TracGuide — The Trac User and Administration Guide


The logs are equally unhelpful (ignore the svn error, I'm aware of that):

        2010-09-01 14:25:30,553 Trac[api] DEBUG: NEEDS UP?: sys:False, 
rep:False, stats:False, fields:False, man:False
        2010-09-01 14:25:30,577 Trac[env] WARNING: base_url option not set in 
configuration, generated links may be incorrect
        2010-09-01 14:25:30,577 Trac[main] DEBUG: Dispatching <Request "GET 
u'/login'">
        2010-09-01 14:25:30,583 Trac[svn_fs] INFO: Failed to load Subversion 
bindings
        Traceback (most recent call last):
          File 
"/home/web/example/buildout-cache/eggs/Trac-0.11-py2.6.egg/trac/versioncontrol/svn_fs.py",
 line 251, in __init__
            _import_svn()
          File 
"/home/web/example/buildout-cache/eggs/Trac-0.11-py2.6.egg/trac/versioncontrol/svn_fs.py",
 line 69, in _import_svn
            from svn import fs, repos, core, delta
        ImportError: No module named svn
        2010-09-01 14:25:30,584 Trac[chrome] DEBUG: Prepare chrome data for 
request
        2010-09-01 14:25:30,586 Trac[api] DEBUG: action controllers for ticket 
workflow: ['ConfigurableTicketWorkflow']
        2010-09-01 14:25:30,597 Trac[perm] DEBUG: No policy allowed anonymous 
performing TICKET_CREATE on None
        2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous 
performing TRAC_ADMIN on None
        2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous 
performing PERMISSION_GRANT on None
        2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous 
performing PERMISSION_REVOKE on None
        2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous 
performing TICKET_ADMIN on None
        2010-09-01 14:25:30,601 Trac[main] WARNING: 500 Trac Error 
(Authentication information not available. Please refer to the <a 
href="/trac/wiki/TracInstall#ConfiguringAuthentication" title="Configuring 
Authentication">installation documentation</a>.)
        2010-09-01 14:25:30,621 Trac[perm] DEBUG: No policy allowed anonymous 
performing EMAIL_VIEW on None
        2010-09-01 14:25:30,621 Trac[session] DEBUG: Retrieving session for ID 
'20e2cfb643bff0f9121fe615'
        2010-09-01 14:25:30,641 Trac[tande_filters] DEBUG: 
self.billing_reports= set([9, 10, 11, 12, 13, 14, 15, 16, 17])
        2010-09-01 14:25:30,642 Trac[ticket_webui] DEBUG: TicketWebUiAddon 
executing
        2010-09-01 14:25:30,774 Trac[main] DEBUG: 124 unreachable objects found.


My apache set-up is as follows.

        <VirtualHost example.com:8022>
            ServerName example.com
            ServerAlias example.com

            ProxyRequests Off
            <Proxy *>
              Order deny,allow
              Allow from all
            </Proxy>

            ProxyPreserveHost On
            RewriteEngine On
            RewriteCond %{HTTP:Authorization} ^(.*)
            RewriteRule ^/(.*) http://127.0.0.1:8002/$1 [P]
        </VirtualHost>

        <Location /trac/login>
           AuthType Basic
           AuthName "Trac"
           AuthBasicProvider ldap
           Order Allow,Deny
           Allow from All
           AuthLDAPURL "ldap://127.0.0.1:389/dc=example,dc=com?uid";
           #should be on if using groups
           AuthzLDAPAuthoritative off
           Require valid-user
           #Require ldap-group cn=tracusers,dc=example,dc=com
        </Location>
        
The server has a number of other in-development services running, hence the odd 
port number.

For testing I just start the Trac server with:

    bin/tracd --port 8202 parts/trac

Where am I going wrong? It feels as if the Apache config is as fault, as LDAP 
does seem to be working.

Is that the correct command to be starting the server with (htpasswd for 
example has it's own options)? 

In the long run what's the best way to run the server? WSGI?

Jon

P.S. Cross posted to Server Fault if you're a member and want the rep: 
http://serverfault.com/questions/176949

-- 
You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To post to this group, send email to trac-us...@googlegroups.com.
To unsubscribe from this group, send email to 
trac-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/trac-users?hl=en.