Apache, Trac and LDAP - how do I glue them together?

Jon*_*ley 8 ldap trac apache-2.2

I am trying to set up Trac to authorise users via the LDAP plugin on a Debian (Lenny) server.

LDAP seems to be working fine; I can query it successfully with:

ldapsearch -vLx -h 127.0.0.1 -b "dc=example, dc=com" "(sn=mysurname)"

If I deliberately break my Apache LDAP address setting, I see an error in /var/log/apache2/error.log:

2010-08-27 17:19:38,909 Trac[api] WARNING: LDAP error: No such object (dc=examplefoo,dc=com)

When I visit http://example.com:8022/trac and click the login button, the authentication window pops up (again confirming that LDAP is kicking in), but when I enter the correct username/password I just get a Trac web page:

Trac Error
Authentication information not available. Please refer to the installation documentation.

TracGuide — The Trac User and Administration Guide

The logs are similarly unhelpful (ignore the svn error, I know about it):

2010-09-01 14:25:30,553 Trac[api] DEBUG: NEEDS UP?: sys:False, rep:False, stats:False, fields:False, man:False
2010-09-01 14:25:30,577 Trac[env] WARNING: base_url option not set in configuration, generated links may be incorrect
2010-09-01 14:25:30,577 Trac[main] DEBUG: Dispatching <Request "GET u'/login'">
2010-09-01 14:25:30,583 Trac[svn_fs] INFO: Failed to load Subversion bindings
Traceback (most recent call last):
  File "/home/web/example/buildout-cache/eggs/Trac-0.11-py2.6.egg/trac/versioncontrol/svn_fs.py", line 251, in __init__
    _import_svn()
  File "/home/web/example/buildout-cache/eggs/Trac-0.11-py2.6.egg/trac/versioncontrol/svn_fs.py", line 69, in _import_svn
    from svn import fs, repos, core, delta
ImportError: No module named svn
2010-09-01 14:25:30,584 Trac[chrome] DEBUG: Prepare chrome data for request
2010-09-01 14:25:30,586 Trac[api] DEBUG: action controllers for ticket workflow: ['ConfigurableTicketWorkflow']
2010-09-01 14:25:30,597 Trac[perm] DEBUG: No policy allowed anonymous performing TICKET_CREATE on None
2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous performing TRAC_ADMIN on None
2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous performing PERMISSION_GRANT on None
2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous performing PERMISSION_REVOKE on None
2010-09-01 14:25:30,599 Trac[perm] DEBUG: No policy allowed anonymous performing TICKET_ADMIN on None
2010-09-01 14:25:30,601 Trac[main] WARNING: 500 Trac Error (Authentication information not available. Please refer to the <a href="/trac/wiki/TracInstall#ConfiguringAuthentication" title="Configuring Authentication">installation documentation</a>.)
2010-09-01 14:25:30,621 Trac[perm] DEBUG: No policy allowed anonymous performing EMAIL_VIEW on None
2010-09-01 14:25:30,621 Trac[session] DEBUG: Retrieving session for ID '20e2cfb643bff0f9121fe615'
2010-09-01 14:25:30,641 Trac[tande_filters] DEBUG: self.billing_reports= set([9, 10, 11, 12, 13, 14, 15, 16, 17])
2010-09-01 14:25:30,642 Trac[ticket_webui] DEBUG: TicketWebUiAddon executing
2010-09-01 14:25:30,774 Trac[main] DEBUG: 124 unreachable objects found.

My Apache setup is as follows.

<VirtualHost example.com:8022>
    ServerName example.com
    ServerAlias example.com

    ProxyRequests Off
    <Proxy *>
      Order deny,allow
      Allow from all
    </Proxy>

    ProxyPreserveHost On
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule ^/(.*) http://127.0.0.1:8002/$1 [P]
</VirtualHost>

<Location /trac/login>
   AuthType Basic
   AuthName "Trac"
   AuthBasicProvider ldap
   Order Allow,Deny
   Allow from All
   AuthLDAPURL "ldap://127.0.0.1:389/dc=example,dc=com?uid"
   #should be on if using groups
   AuthzLDAPAuthoritative off
   Require valid-user
   #Require ldap-group cn=tracusers,dc=example,dc=com
</Location>

The server has a number of other services under development running on it, hence the odd port numbers.

My trac.ini is a fresh install with the following changes:

[ldap]
basedn = dc=example,dc=com
bind_passwd = foo
bind_user = cn=admin,dc=example,dc=com
enable = true
group_rdn = ou=people
host = 127.0.0.1
port = 389
use_tls = false
user_rdn = ou=users

[components]
ldapplugin.* = enabled

For testing, I simply start the Trac server with:

bin/tracd --port 8202 parts/trac

Where am I going wrong? It feels as if the Apache configuration is at fault, since LDAP does seem to be working.

Is this the correct command to start the server (e.g. htpasswd has its own option)?

In the long run, what is the best way to run the server? WSGI?

Sel*_*vel 1

If you need to test the "Apache+LDAP+Trac" binding, you don't need to run a standalone bin/tracd.

First, try using Apache LDAP authentication with Trac without LdapPlugin (it only adds the ability to manage Trac permissions for LDAP groups). You should configure authentication at the /trac/login location, and Trac will automatically pick up the authenticated username. See here: TracModWSGI - Configuring Authentication. This works well in my setup (Debian Squeeze, Trac 0.12). So just remove all the modifications from trac.ini.

Once you have authentication working, you can start configuring LdapPlugin.

IMHO, WSGI is the best way to run Python applications on Apache; it is fast and simple.
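As an added illustration of the approach this answer describes (not part of the original question or answer), the Apache 2.2 virtual host below serves Trac through mod_wsgi and lets Apache's mod_authnz_ldap authenticate only the /trac/login location, so Trac receives the username in REMOTE_USER instead of being reached through a reverse proxy to a standalone tracd. The deploy directory, the read-only bind DN, the placeholder bind password and the group DN are assumptions for illustration.

```apacheconf
# Added example: mod_wsgi + LDAP basic auth for Trac on Apache 2.2.
# Requires mod_wsgi, mod_ldap and mod_authnz_ldap to be enabled.
<VirtualHost *:8022>
    ServerName example.com

    # Assumed path: trac.wsgi as produced by "trac-admin <env> deploy <dir>"
    WSGIScriptAlias /trac /home/web/example/deploy/cgi-bin/trac.wsgi
    WSGIDaemonProcess trac user=www-data group=www-data processes=2 threads=10
    WSGIProcessGroup trac
    WSGIApplicationGroup %{GLOBAL}

    <Directory /home/web/example/deploy/cgi-bin>
        Order deny,allow
        Allow from all
    </Directory>

    # Only the login URL asks for credentials. After a successful login Trac
    # issues its own session cookie, so the rest of /trac stays unauthenticated
    # at the Apache level and Trac's own permission system takes over.
    <Location /trac/login>
        AuthType Basic
        AuthName "Trac"
        AuthBasicProvider ldap
        # Look up the entered login name in the uid attribute under the base DN
        AuthLDAPURL "ldap://127.0.0.1:389/dc=example,dc=com?uid"
        # Assumed read-only service account used for the search; keep the
        # password out of world-readable files and never reuse the admin DN.
        AuthLDAPBindDN "cn=readonly,dc=example,dc=com"
        AuthLDAPBindPassword "BIND-PASSWORD-PLACEHOLDER"
        AuthzLDAPAuthoritative on
        Require valid-user
        # Once groups exist, narrow access to one group (assumed DN):
        # Require ldap-group cn=tracusers,ou=groups,dc=example,dc=com
    </Location>
</VirtualHost>
```

Because the credentials are sent as HTTP Basic auth, this vhost should sit behind TLS (or the AuthLDAPURL should use ldaps:// and the vhost should be an SSL one) before it leaves a test network; with plain ldap:// on 127.0.0.1, as in the question, the LDAP leg at least never leaves the host. A failed login shows up in Apache's error log from mod_authnz_ldap, which separates "Apache could not authenticate" from "Trac did not receive REMOTE_USER", the ambiguity behind the original error page.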