I'll post my configuration; it works perfectly fine:

httpd-ssl.conf:

Listen *:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/etc/httpd/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/etc/httpd/logs/ssl_mutex"
NameVirtualHost *:443
<VirtualHost *:443>

#   General setup for the virtual host
DocumentRoot "/home/data/trac"
ServerName <your-server>
ServerAdmin adm...@evidian.de
ErrorLog "/etc/httpd/logs/error_log"
TransferLog "/etc/httpd/logs/access_log"
<Location "/">
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthName "Login"
        AuthLDAPURL "ldap://<LDAP-IP>:389/OU=Where-your-users-are,DC=your,DC=server,DC=org?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "CN=USER_THAT_HAS_READ_ACCESS,CN=WHERE_IT_AT,DC=your,DC=server,DC=org"
        AuthLDAPBindPassword "Password"
        require valid-user

        SetHandler mod_python
        PythonInterpreter main_interpreter
        PythonHandler trac.web.modpython_frontend
        PythonOption PYTHON_EGG_CACHE /tmp/python_egg_cache
        PythonOption TracEnvParentDir /home/data/trac/
        PythonOption TracUriRoot /
</Location>


<Directory "/">
Options FollowSymLinks ExecCGI Indexes Includes
Order Allow,Deny
Allow from All
AllowOverride None
</Directory>

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "/etc/httpd/conf/KEY.crt"
SSLCertificateKeyFile "/etc/httpd/conf/KEY.key"

SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/etc/httpd/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog "/etc/httpd/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


On 6 Sep., 20:28, Noah Kantrowitz <n...@coderanger.net> wrote:
> On Sep 6, 2010, at 7:34 AM, Jon Hadley wrote:
>
> >> You cannot proxy HTTP auth like that. It is an internal thing within the web
> >> server. You either need to run the Trac on Apache, or let tracd do the
> >> authentication (via AccountManager+LDAPAuth).
>
> > The various AccountManager LDAP plugins appear to be a mess. Does
> > anyone have a working Apache + LDAP + Trac configuration I could crib
> > from? Even a 'Trac on Apache' setup (WSGI?) would be a good start.
>
> What do you mean "various"? Is there anything other than
> http://pypi.python.org/pypi/TracLDAPAuth?
>   There is an example config in there that works just fine for me.
>
> --Noah
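
Added example, not part of the original post or of Trac's documentation: the TLS and LDAP directives from the configuration above in a tightened form (Apache 2.2 syntax, as in the post). With ldap:// on port 389 and NONE, the bind password and each user's Basic-auth password travel to the directory server unencrypted, and the posted cipher string starts from ALL and only reorders the LOW, EXP and SSLv2 suites with "+" without removing them. The CA file path and LDAPS being available on port 636 are assumptions; the angle-bracket values are the post's own placeholders.

```apache
# Added example, not from the original post. Apache 2.2 syntax.

# mod_ldap, server-wide (outside <VirtualHost>): verify the directory
# server's certificate against a CA file. The path is hypothetical.
LDAPTrustedGlobalCert CA_BASE64 "/etc/httpd/conf/ldap-ca.crt"
LDAPVerifyServerCert On

<VirtualHost *:443>
    SSLEngine on

    # Disable SSLv2/SSLv3 and build the cipher list from HIGH only,
    # explicitly removing anonymous, null, export, low-strength and RC4 suites.
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on

    SSLCertificateFile "/etc/httpd/conf/KEY.crt"
    SSLCertificateKeyFile "/etc/httpd/conf/KEY.key"

    <Location "/">
        AuthType Basic
        AuthName "Login"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off

        # ldaps:// on 636 (assumed enabled on the directory server) replaces
        # ldap://...:389 with NONE, so binds and password checks are encrypted.
        AuthLDAPURL "ldaps://<LDAP-IP>:636/OU=Where-your-users-are,DC=your,DC=server,DC=org?sAMAccountName?sub?(objectClass=*)" SSL
        AuthLDAPBindDN "CN=USER_THAT_HAS_READ_ACCESS,CN=WHERE_IT_AT,DC=your,DC=server,DC=org"
        AuthLDAPBindPassword "Password"
        Require valid-user

        # The mod_python / Trac handler lines from the post stay unchanged here.
    </Location>
</VirtualHost>
```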
