On Monday, January 25, 2016 at 8:40:22 AM UTC-8, deadf00d wrote: > > Hi Ryan, > > the patch works! > I can now authenticate in nginx and trac detects the authenticated user as > expected. >
I thought about it some more last evening and I'm rather surprised that it works for you. Presumably the `perm` callback needs to be invoked to set req.environ['REMOTE_USER']. I don't see where the callback is invoked in either trac.web.main.dispatch_request or when the request is matched and processed in trac.web.auth: http://trac.edgewall.org/browser/tags/trac-1.0.9/trac/web/auth.py?marks=121,124,133#L119 I also don't see how the recipe discussed in #9206 can work, unless the Trac instance is not available to anonymous users. If none of the Trac paths can be accessed by anonymous users and the user is forced to authenticate through the web server first for any path, then login/logout buttons would be non-functional. Unfortunately, I still have some issues: > > First, for some reason, the browser receives a location header like this: > Location: http://trac.mydomain.com:8080 > The public page should rather be https://trac.mydomain.com/ > After logging in, I can go back to the correct page and browse the page > fine. > The redirect only happens on '/login' and '/logout'. > > Second, I want to make use of LDAP groups, i.e., assign trac-admin rights > to members of a special group. Is there a way to pass this information from > nginx to trac? E.g. a REMOTE_GROUP(S) header? > I think that DirectoryAuthPlugin may help you with that, or you may want to look at other plugins such as LdapPlugin. I'm not familiar with the details of the plugins. https://trac-hacks.org/tags/ldap?wiki=on -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
