> -----Original Message----- > From: [email protected] On Behalf Of Jochen Schreiber > Sent: 05 April 2011 08:54 > To: Trac Users > Subject: [Trac] Apach2 / Trac / Authentification > > Hello everybody, > > i am new at this mailing list and this is my first post. I had a > problem with my trac configfile for the apache2.
Hello and Welcome... > Im Netz wo der Server steht wird gegen einen LDAP authentifiziert. > Jetzt habe ich lokal einen Benutzer und ich möchte das dieser sich > ebenfalls beim Trac anmelden kann. > My Server will authenticate user against an LDAP. Now i have an local > User which should be able to authenticate too. But i dont know how i > could combine this two methods. > > With my config i became the following error: Internal Server Error: > The server encountered an internal error or misconfiguration and was > unable to complete your request. (Apache2.2.14) > > Here is my configgile "trac" from Trac which is lying in /etc/apache2/ > sites-enabled. The local User is called "phmd". The other user come > from LDAP. I dont habe much knowledge about configuration trac and > apache2 and there are several other people who edit this config file > so it would be great if here is someone who could help me. I assume you asked these others for help and they couldn't... I'm no expert but below are some thoughts that I hope might help. > <VirtualHost *> > ServerAdmin webmaster@localhost > ServerName trac.example.com > DocumentRoot /var/www > ErrorLog /var/log/apache2/error.trac.log > CustomLog /var/log/apache2/access.trac.log combined > > <Location /projects> > SetHandler mod_python > PythonInterpreter main_interpreter > PythonHandler trac.web.modpython_frontend > PythonOption TracEnvParentDir /var/lib/trac > PythonOption TracUriRoot /projects > PythonOption PYTHON_EGG_CACHE /tmp > </Location> Can I suggest that you think about moving from mod_python (now officially unsupported) to one of the other options such as mod_wsgi? > # use the following for one authorization for all projects > # (names containing "-" are not detected): > # <LocationMatch "/projects/[[:alnum:]]+/login"> > > <Location /projects/mudisar> > AuthType Basic > AuthName "trac2" > # AuthUserFile /var/www/db/passwd You have commented (with the '#' sign) the line that identifoes what is providing the auth for this path, so this is an invalid config block... Have you read the apache pages about auth (http://httpd.apache.org/docs/current/howto/auth.html)? You often need several directives working together to make a valid block... > Require user phmnd You also need to make sure that you have all the required modules loaded as different modules provide different directives (this caught me out!) "Require User" comes from "mod_authz_user" for example. > </Location> Are you trying to provide different auth for different paths or provide blanket auth for the whole site? > <LocationMatch "/projects/[[:alnum:]]+/"> > AuthType Basic > AuthName "trac" > AuthBasicProvider ldap > AuthzLDAPAuthoritative off > AuthBasicAuthoritative off > AuthLDAPUrl > ldap://ldap.inf.fh-brs.de:389/dc=fh-bonn-rhein-sieg,dc=$ > # AuthUserFile /etc/apache2/dav_svn.passwd > # Require valid-user > # Require ldap-user sginze2s jschre2s fnatte2s rthiel2m > jschmi2s bhcw$ > # Require user phmnd > Require ldap-user sginze2s jschre2s fnatte2s rthiel2m > jschmi2s bhcw$ > </LocationMatch> > </VirtualHost> > > > With Best > > bladepit > The way I do auth is to have a global <Location />...</Location> block that applies auth to the whole virtual host (assuming there are not other services you have hidden from your conf above). Within that block you put your auth statements for LDAP and for the user file. You need to look at AuthzLDAPAuthoritative (http://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authzldapauthoritative) and set this to off to allow failed LDAP lookups to go on to check the user file. I've not done exactly this but hopefully that will get you going. ~ mark c -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.
