[Trac] Trac + Ldap - Restricted mode error

[Jon Hadley]

I'm trying to setup Trac, using mod_wsgi, LDAP and a xml theming proxy
called collective.xdv.

Thanks to users on this list I've got pretty close, using the Apache
configuration below, however I'm encountering the following 2 major
issues:

        1) I've noticed that during testing, if I access the Trac site via
8202, the 8022 site errors with 'RuntimeError: instance.__dict__ not
accessible in restricted mode' and will not work again till Apache is
restarted. 8202 still works regardless of if 8022 is erroring or
accessed. This seems related to this Trac bug:
http://trac.edgewall.org/ticket/3371 . But I'm not using mod_python
and WSGIProcessGroup and WSGIApplicationGroup are the same value.
(More detail regarding this problem is also here:
http://serverfault.com/questions/180850 )

        2) LDAP on Trac only works via port 8202, not via 8022. Fairly
obviously because that's where the rule is set-up. But the rest of the
site on 8022 doesn't need to be LDAP protected. How do I apply the
LDAP authentication behind the proxy? Can the proxy somehow inherit
the authentication rule when Trac is requested? (More detail regarding
this problem is also here: http://serverfault.com/questions/180845 )
        
I'd appreciate any input this list might have.



    <VirtualHost foo.bar.com:8022>
            ServerName foo.bar.com
            ServerAlias foo.bar.com

            ProxyRequests Off
            <Proxy *>
                Order deny,allow
                Allow from all
            </Proxy>

            ProxyPreserveHost On
                
            RewriteEngine On
            RewriteCond %{HTTP:Authorization} ^(.*)
            RewriteRule ^/(.*) http://0.0.0.0:8002/$1 [P]


    </VirtualHost>


    <VirtualHost foo.bar.com:8202>
            ServerName foo.bar.com
            ServerAlias foo.bar.com

            <Directory "/home/web/foo/parts/trac/tracwsgi/cgi-bin">
                                WSGIDaemonProcess trac stack-size=524288
python-path=/usr/lib/python2.5/site-packages
                                WSGIScriptAlias /trac
/home/web/foo/parts/trac/tracwsgi/cgi-bin/trac.wsgi
                                WSGIProcessGroup %{GLOBAL}
                    WSGIApplicationGroup %{GLOBAL}
                    Options +Indexes FollowSymLinks
                    AllowOverride None
                    Allow from all
                    Order allow,deny
            </Directory>

            <Location "/trac">
                    AuthBasicProvider ldap
                    AuthType Basic
                    AuthzLDAPAuthoritative off
                    AuthName "Login"
                    AuthLDAPURL "ldap://127.0.0.1:389/dc=foo-bar,dc=org?uid";
                    AuthLDAPBindDN "cn=admin, dc=foo-bar, dc=org"
                    AuthLDAPBindPassword secretword
                    require valid-user
            </Location>

    </VirtualHost>

-- 
You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To post to this group, send email to trac-us...@googlegroups.com.
To unsubscribe from this group, send email to 
trac-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/trac-users?hl=en.