LDAP – Directory, Proxy and Location – how to co-exist in one Apache configuration


Mostly through trial and error I have created the Apache configuration file below.

It aims to allow a server on localhost:8002 and a trac server via WSGI to share an LDAP server and appear to be on the same domain/port.

The rules work in isolation, but not in parallel.

In particular, trac WSGI will only serve correctly if ProxyPass/ProxyPassReverse lines are commented out. Without that redirect the server at localhost:8002 obviously isn't mapped to the outgoing 8022 port.

I assume the mix of Directory, Proxy and Location rules is the root of my problem – or perhaps the order of them?

WSGIDaemonProcess trac stack-size=524288 python-path=/usr/lib/python2.5/site-packages
WSGIScriptAlias /trac /home/web/foo/parts/trac/tracwsgi/cgi-bin/trac.wsgi

<VirtualHost foo.bar.com:8022>
    ServerName foo.bar.com
    ServerAlias foo.bar.com

    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPreserveHost On
    ProxyPass / http://localhost:8002/VirtualHostBase/http/foo.bar.com:8022/foo/VirtualHostRoot/
    ProxyPassReverse / http://localhost:8002/VirtualHostBase/http/foo.bar.com:8022/foo/VirtualHostRoot/

    <Directory "/home/web/foo/parts/trac/tracwsgi/cgi-bin">
        WSGIApplicationGroup %{GLOBAL}
        Options +Indexes FollowSymLinks
        AllowOverride None
        Allow from all
        Order allow,deny
    </Directory>

    <Location "/trac">
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthName "Login"
        AuthLDAPURL "ldap://,dc=org?uid"
        AuthLDAPBindDN "cn=admin, dc=foo-bar, dc=org"
        AuthLDAPBindPassword secret
        require valid-user
    </Location>
</VirtualHost>


Best Answer


ProxyPass /trac !

before ProxyPass for '/'.



You are also missing a WSGIProcessGroup directive. That Trac instance isn't going to run in the daemon mode process you created. See:
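
Both changes from the answer applied to the question's configuration, as an added example that is not part of the original answer. It keeps the question's Apache 2.2 syntax and its truncated AuthLDAPURL value; placing WSGIProcessGroup inside the Directory block is an assumption.

```apache
# Added example: the question's configuration with the answer's two changes applied.
WSGIDaemonProcess trac stack-size=524288 python-path=/usr/lib/python2.5/site-packages
WSGIScriptAlias /trac /home/web/foo/parts/trac/tracwsgi/cgi-bin/trac.wsgi

<VirtualHost foo.bar.com:8022>
    ServerName foo.bar.com

    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPreserveHost On
    # ProxyPass rules are checked in configuration order and the first match
    # wins, so the /trac exclusion has to precede the catch-all rule for "/".
    ProxyPass /trac !
    ProxyPass / http://localhost:8002/VirtualHostBase/http/foo.bar.com:8022/foo/VirtualHostRoot/
    ProxyPassReverse / http://localhost:8002/VirtualHostBase/http/foo.bar.com:8022/foo/VirtualHostRoot/

    <Directory "/home/web/foo/parts/trac/tracwsgi/cgi-bin">
        # Assumed placement: bind the script to the "trac" daemon process
        # declared above; without this it runs in embedded mode.
        WSGIProcessGroup trac
        WSGIApplicationGroup %{GLOBAL}
        Options +Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # Applies only to /trac; the proxied "/" is not covered by this block.
    <Location "/trac">
        AuthType Basic
        AuthName "Login"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        # URL kept exactly as it appears (truncated) in the question.
        AuthLDAPURL "ldap://,dc=org?uid"
        AuthLDAPBindDN "cn=admin, dc=foo-bar, dc=org"
        AuthLDAPBindPassword secret
        Require valid-user
    </Location>
</VirtualHost>
```

`apachectl configtest` checks the syntax before a restart; afterwards a request to /trac should prompt for LDAP credentials while other paths reach the backend on localhost:8002.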


