I'm trying to set-up Trac to authorise users via the LDAP plugin on a Debian
(Lenny) server.
LDAP appears to be working correctly, I can query successfully via:
ldapsearch -vLx -h 127.0.0.1 -b "dc=example, dc=com" "(sn=mysurname)"
And if i purposely break my Apache LDAP address settings I can see errors in
/var/log/apache2/error.log
2010-08-27 17:19:38,909 Trac[api] WARNING: LDAP error: No such object
(dc=examplefoo,dc=com)
When I visit http://example.com:8022/trac and click the login button the
authentication window pops up, __however__, when I enter a correct
username/password I just get a Trac web page with:
Trac Error
Authentication information not available. Please refer to the
installation documentation.
TracGuide — The Trac User and Administration Guide
The logs are equally unhelpful (ignore the svn error, I'm aware of that):
2010-09-01 14:25:30,553 Trac[api] DEBUG: NEEDS UP?: sys:False,
rep:False, stats:False, fields:False, man:False
2010-09-01 14:25:30,577 Trac[env] WARNING: base_url option not set in
configuration, generated links may be incorrect
2010-09-01 14:25:30,577 Trac[main] DEBUG: Dispatching <Request "GET
u'/login'">
2010-09-01 14:25:30,583 Trac[svn_fs] INFO: Failed to load Subversion
bindings
Traceback (most recent call last):
File
"/home/web/example/buildout-cache/eggs/Trac-0.11-py2.6.egg/trac/versioncontrol/svn_fs.py",
line 251, in __init__
_import_svn()
File
"/home/web/example/buildout-cache/eggs/Trac-0.11-py2.6.egg/trac/versioncontrol/svn_fs.py",
line 69, in _import_svn
from svn import fs, repos, core, delta
ImportError: No module named svn
2010-09-01 14:25:30,584 Trac[chrome] DEBUG: Prepare chrome data for
request
2010-09-01 14:25:30,586 Trac[api] DEBUG: action controllers for ticket
workflow: ['ConfigurableTicketWorkflow']
2010-09-01 14:25:30,597 Trac[perm] DEBUG: No policy allowed anonymous
performing TICKET_CREATE on None
2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous
performing TRAC_ADMIN on None
2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous
performing PERMISSION_GRANT on None
2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous
performing PERMISSION_REVOKE on None
2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous
performing TICKET_ADMIN on None
2010-09-01 14:25:30,601 Trac[main] WARNING: 500 Trac Error
(Authentication information not available. Please refer to the <a
href="/trac/wiki/TracInstall#ConfiguringAuthentication" title="Configuring
Authentication">installation documentation</a>.)
2010-09-01 14:25:30,621 Trac[perm] DEBUG: No policy allowed anonymous
performing EMAIL_VIEW on None
2010-09-01 14:25:30,621 Trac[session] DEBUG: Retrieving session for ID
'20e2cfb643bff0f9121fe615'
2010-09-01 14:25:30,641 Trac[tande_filters] DEBUG:
self.billing_reports= set([9, 10, 11, 12, 13, 14, 15, 16, 17])
2010-09-01 14:25:30,642 Trac[ticket_webui] DEBUG: TicketWebUiAddon
executing
2010-09-01 14:25:30,774 Trac[main] DEBUG: 124 unreachable objects found.
My apache set-up is as follows.
<VirtualHost example.com:8022>
ServerName example.com
ServerAlias example.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^/(.*) http://127.0.0.1:8002/$1 [P]
</VirtualHost>
<Location /trac/login>
AuthType Basic
AuthName "Trac"
AuthBasicProvider ldap
Order Allow,Deny
Allow from All
AuthLDAPURL "ldap://127.0.0.1:389/dc=example,dc=com?uid"
#should be on if using groups
AuthzLDAPAuthoritative off
Require valid-user
#Require ldap-group cn=tracusers,dc=example,dc=com
</Location>
The server has a number of other in-development services running, hence the odd
port number.
For testing I just start the Trac server with:
bin/tracd --port 8202 parts/trac
Where am I going wrong? It feels as if the Apache config is as fault, as LDAP
does seem to be working.
Is that the correct command to be starting the server with (htpasswd for
example has it's own options)?
In the long run what's the best way to run the server? WSGI?
Jon
P.S. Cross posted to Server Fault if you're a member and want the rep:
http://serverfault.com/questions/176949
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en.