Jon Hadley wrote on 15 Sep. 2010 14:51:
> Hi Eirik,
>
> Thanks for the time you've spent looking into my problem, it's much
> appreciated.

NP :)

>> I first thought you wanted the following:
>>
>>                            ,-------- ldap auth -- < trac
>> user <- (xml theme proxy ) <
>>                            '-------- cms website
>
> Exactly what I want.

Ok -- then I can better understand why you're having problems ;-)

>> 3: An url starting with /trac: 1: should be served from the trac
>> instance 2: should be authenticated via ldap
>
> Should be served from the trac instance, *VIA* the xml theme proxy.
>
>> However, as far as I can tell collective.xdv is just a post-hook
>> for plone ?
>
> No, it sits in front of Trac too. (In fact it can sit in front of any
> website, which is where its potential power comes from).
>
> But this is where my trouble begins. As soon as collective.xdv is in
> front of Trac, the authentication system fails. I'm not sure if
> collective.xdv is stripping authentication headers, or if there is a
> better way of Apache controlling the route of the authentication
> requests.

From the collective.xdv-page (and as far as I can tell from your configs
posted here, and at stackoverflow) -- it isn't obvious how you've set
this up -- this is a python script that acts as a proxy ?

Are you using:
 http://pypi.python.org/pypi/dv.xdvserver
wrapped around trac ? Do you run that via mod_wsgi, or some other means ?

Based on:
 http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html

"13.5.1 End-to-end and Hop-by-hop Headers

 For the purpose of defining the behavior of caches and non-caching
 proxies, we divide HTTP headers into two categories:

   - End-to-end headers, which are transmitted to the ultimate
     recipient of a request or response. End-to-end headers in
     responses MUST be stored as part of a cache entry and MUST be
     transmitted in any response formed from a cache entry.

   - Hop-by-hop headers, which are meaningful only for a single
     transport-level connection, and are not stored by caches or
     forwarded by proxies.

 The following HTTP/1.1 headers are hop-by-hop headers:

   - Connection
   - Keep-Alive
   - Proxy-Authenticate
   - Proxy-Authorization
   - TE
   - Trailers
   - Transfer-Encoding
   - Upgrade

 All other headers defined by HTTP/1.1 are end-to-end headers.
"

As far as I can tell a reverse proxy actually should forward http
authorization headers -- so it would appear collective.xdv is the
problem, not mod_proxy (Note authorization and proxy-authorization are
different headers).

>> Should be as easy as:
>
> Your included configuration works great, if I don't want Trac themed
> by the collective.xdv proxy but have it appear on the same address,
> but as detailed above, this isn't my end goal (although it might have
> to be Plan B)
>
>> I would suggest not cramming everything into one apache config
>> instance, but rather set everything up as if you were setting up
>> separate servers.
>
> Good advice :)

This does remind me a bit about:
 http://apache.webthing.com/mod_proxy_html/

by the way -- but that or mod_proxy_xml might not be able to do quite
what you want (apply your xml styles).

Perhaps collective.xdv can be made to work with mod_ext_filter ?:
 http://httpd.apache.org/docs/2.2/mod/mod_ext_filter.html

Best regards,

--
 .---.  Eirik Schwenke <[email protected]>
( NSD ) Harald Hårfagresgate 29  Rom 150
 '---'  N-5007 Bergen  tlf: (555) 889 13

GPG-key at pgp.mit.edu Id 0x8AA3392C
signature.asc
Description: OpenPGP digital signature
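
The header split quoted above from RFC 2616 section 13.5.1, as an added example that is not part of the original message or of collective.xdv: a filter that keeps end-to-end headers such as Authorization while dropping hop-by-hop ones (going slightly beyond the quoted list, it also drops headers nominated in Connection, per section 14.10), plus a helper that reports which end-to-end headers a proxy layer lost. All function names and the sample request are constructed for illustration.

```python
# Added illustration; function names and sample data are hypothetical.
HOP_BY_HOP = frozenset({
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailers", "transfer-encoding", "upgrade",
})


def end_to_end_headers(headers):
    """Return the (name, value) pairs a proxy should pass on.

    Drops the eight hop-by-hop headers of RFC 2616 section 13.5.1 and any
    header named as a token in a Connection header (section 14.10).
    """
    drop = set(HOP_BY_HOP)
    for name, value in headers:
        if name.lower() == "connection":
            drop.update(t.strip().lower() for t in value.split(",") if t.strip())
    return [(n, v) for n, v in headers if n.lower() not in drop]


def lost_in_transit(sent, received):
    """End-to-end header names the client sent that the backend never saw."""
    seen = {n.lower() for n, _ in received}
    return sorted({n.lower() for n, _ in end_to_end_headers(sent)} - seen)


# Constructed sample request, as a browser might send it after a Basic auth prompt.
SAMPLE_REQUEST = [
    ("Host", "example.invalid"),
    ("Authorization", "Basic dXNlcjpwYXNz"),
    ("Proxy-Authorization", "Basic cHJveHk6cHc="),
    ("Connection", "keep-alive, X-Internal-Hint"),
    ("Keep-Alive", "timeout=5"),
    ("X-Internal-Hint", "1"),
    ("Cookie", "trac_session=constructed"),
]

if __name__ == "__main__":
    forwarded = end_to_end_headers(SAMPLE_REQUEST)
    print(forwarded)
    # Simulate a middle layer that wrongly drops Authorization.
    broken = [(n, v) for n, v in forwarded if n.lower() != "authorization"]
    print(lost_in_transit(SAMPLE_REQUEST, broken))
```

Feeding `lost_in_transit` the headers logged at the client side and at the backend shows directly whether a layer in between is discarding Authorization.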
