Hi,
editing my trac.wsgi (with the proposed snippet) gave me a "500 Internal error" and the following message in my apache error log:

[Thu Oct 23 22:55:39 2014] [error] [client *] mod_wsgi (pid=27135): Exception occurred processing WSGI script '/var/www/trac/cgi-bin/trac.wsgi'.
[Thu Oct 23 22:55:39 2014] [error] [client *] Traceback (most recent call last):
[Thu Oct 23 22:55:39 2014] [error] [client *]   File "/var/www/trac/cgi-bin/trac.wsgi", line 33, in application
[Thu Oct 23 22:55:39 2014] [error] [client *]     environ['REMOTE_USER'] = environ['REMOTE_USER'].lower()
[Thu Oct 23 22:55:39 2014] [error] [client *] KeyError: 'REMOTE_USER'

My trac.wsgi (without your proposal):

import os

def application(environ, start_request):
    if not 'trac.env_parent_dir' in environ:
        environ.setdefault('trac.env_path', '/var/www/trac')
    if 'PYTHON_EGG_CACHE' in environ:
        os.environ['PYTHON_EGG_CACHE'] = environ['PYTHON_EGG_CACHE']
    elif 'trac.env_path' in environ:
        os.environ['PYTHON_EGG_CACHE'] = \
            os.path.join(environ['trac.env_path'], '.egg-cache')
    elif 'trac.env_parent_dir' in environ:
        os.environ['PYTHON_EGG_CACHE'] = \
            os.path.join(environ['trac.env_parent_dir'], '.egg-cache')
    os.environ['PYTHON_EGG_CACHE'] = '/tmp/python-eggs'
    from trac.web.main import dispatch_request
    return dispatch_request(environ, start_request)

My trac-apache.conf:

LDAPVerifyServerCert Off
<LocationMatch "/trac/login">
    AuthName "Trac LDAP Authentication"
    AuthType Basic
    AuthBasicProvider ldap file
    AuthzLDAPAuthoritative Off
    AuthUserFile /opt/trac-password/trac.htpasswd
    AuthLDAPURL "ldaps://DOMAIN:PORT/ou=OU,o=O,dc=DC,dc=DC?uid?"
    Require ldap-user USER USER USER
    Require user admin
</LocationMatch>

WSGIScriptAlias /trac /var/www/trac/cgi-bin/trac.wsgi
<Directory "/var/www/trac/cgi-bin">
    WSGIApplicationGroup %{GLOBAL}
    Order deny,allow
    Allow from all
</Directory>

Alias /trac/chrome/common /var/www/trac/htdocs/common
Alias /trac/chrome/site /var/www/trac/htdocs/site
<Directory "/var/www/trac/htdocs">
    Order allow,deny
    Allow from all
</Directory>

That is my config.

Kind regards
Eberhardt

Quoting "Cooke, Mark" <[email protected]>:

-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Jan Eberhardt


Hello trac-team and/or mailinglist users,

I am using LDAP for authentication and I want to define permissions
for every single user that logged in via LDAP.
When I login (LDAP is working), the permissions of the 'authenticated'
group are matched to the login user (seems right so far), but I also
did 'trac-admin <env> permission add <username>'. I gave this user
(matching the LDAP login) higher permissions, but they don't apply.

An example:
LDAP Login for the user is 'bob', I also create 'trac-admin <env>
permission add bob TRAC_ADMIN', but when I login as 'bob' I don't see
the admin-panel.

The 'admin' user works right (authenticated via local htpasswd file),
but when I want to grant the LDAP users higher rights, it fails.

What goes wrong, where do I fail?

What messages (if any) do you get in your apache log files?

Can you show us the relevant bits of your apache `conf` file and your wsgi files?

As a quick suggestion, is this a case issue? I have the following line in my WSGI file:

    # Make sure usernames are lower case...
    environ['REMOTE_USER'] = environ['REMOTE_USER'].lower()

...or a domain issue...

    # Strip any domain if present
    while "\\" in environ['REMOTE_USER']:
        environ['REMOTE_USER'] = environ['REMOTE_USER'].split("\\", 1)[1]

Hope that helps,

~ Mark C

Kind regards
Eberhardt

--
Trac-System:
  - Red Hat Linux
  - apache (with mod_wsgi, mod_ldap, mod_authnz_ldap)
  - MySQL

--
You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.
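
In the configuration shown in this thread only /trac/login is behind Apache authentication, so every other request reaches the WSGI script without REMOTE_USER, which is why the unconditional lower-casing raises KeyError. The following is an added example, not code from the thread or from Trac: it applies the suggested lower-casing and domain stripping only when the variable is set. The names normalize_remote_user, with_normalized_user and stub_app are hypothetical, and stub_app is a constructed stand-in for Trac's dispatch_request.

```python
def normalize_remote_user(environ):
    """Normalize REMOTE_USER in place; return the new value, or None."""
    user = environ.get('REMOTE_USER')
    if not user:
        # Anonymous request (no Apache auth on this URL): nothing to do.
        return None
    # Keep only the text after the last backslash (DOMAIN\user -> user),
    # then lower-case so 'Bob' and 'bob' map to the same permission rows.
    user = user.rsplit('\\', 1)[-1].lower()
    if not user:
        # A value such as 'DOMAIN\' normalizes to nothing; treat the
        # request as anonymous instead of passing on an empty identity.
        environ.pop('REMOTE_USER', None)
        return None
    environ['REMOTE_USER'] = user
    return user


def with_normalized_user(app):
    """Wrap a WSGI app so it always sees the normalized user name."""
    def wrapper(environ, start_response):
        normalize_remote_user(environ)
        return app(environ, start_response)
    return wrapper


def stub_app(environ, start_response):
    # Constructed stand-in for trac.web.main.dispatch_request: it only
    # reports which user name the wrapped application would receive.
    start_response('200 OK', [('Content-Type', 'text/plain')])
    return [environ.get('REMOTE_USER', 'anonymous').encode('utf-8')]


# In trac.wsgi, dispatch_request would take the place of stub_app.
application = with_normalized_user(stub_app)
```

Permissions granted with trac-admin have to use the same lower-case form of the name for the match to succeed.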


