# Trac LDAP Authentication (apache)



## vezoul (Jul 20, 2007)

Hi all !

I'm actually trying to get my Trac authentication working via LDAP (MS Active Directory).

I feel I'm pretty close to getting it to work, but I have an issue configuring apache2.2.

Here is my problem: when I access my Trac page, I get a pop-up asking for my login // password.
If I enter 3 wrong passwords, it tells me "Authorization Required"..
If I enter a login//pass which is actually in my LDAP, I get a 500 error: Internal Server Error.
That indicates that I can authenticate, but there is some problem in my httpd.conf (at least I guess..)

Here is the part of my httpd.conf I'm modifying :

```
<Location /trac-test/>
  SetHandler mod_python
  PythonHandler trac.web.modpython_frontend
  PythonOption TracEnv /opt/trac-test/
  PythonOption TracUriRoot /trac-test/
  Order deny,allow
  Deny from all
  Allow from all
  AuthType Basic
  AuthName "Trac"
  AuthBasicProvider "ldap"
  AuthLDAPURL "ldap://192.168.0.101:3268/DC=agiledss,DC=local?sAMAccountName?sub?(objectClass=user)"
  AuthLDAPBindDN       "CN=Administrator,CN=Users,DC=agiledss,DC=local"
  AuthLDAPBindPassword "###(Administrator's password)###"
  authzldapauthoritative Off
  require valid-user
  require group CN=VPNUsers,CN=Users,DC=agiledss,DC=local
</Location>
```

Here is the /var/log/httpd/error_log while I'm connecting to Trac:

```
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend: Traceback (most recent call last):
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend:   File "/usr/lib/python2.4/site-packages/mod_python/apache.py", line 299, in HandlerDispatch\n    result = object(req)
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend:   File "/usr/lib/python2.4/site-packages/trac/web/modpython_frontend.py", line 87, in handler\n    gateway.run(dispatch_request)
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend:   File "/usr/lib/python2.4/site-packages/trac/web/wsgi.py", line 87, in run\n    response = application(self.environ, self._start_response)
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend:   File "/usr/lib/python2.4/site-packages/trac/web/main.py", line 377, in dispatch_request\n    env = _open_environment(env_path, run_once=run_once)
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend:   File "/usr/lib/python2.4/site-packages/trac/web/main.py", line 58, in _open_environment\n    env_cache[env_path] = open_environment(env_path)
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend:   File "/usr/lib/python2.4/site-packages/trac/env.py", line 434, in open_environment\n    env = Environment(env_path)
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend:   File "/usr/lib/python2.4/site-packages/trac/env.py", line 126, in __init__\n    self.verify()
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend:   File "/usr/lib/python2.4/site-packages/trac/env.py", line 174, in verify\n    fd = open(os.path.join(self.path, 'VERSION'), 'r')
[Fri Jul 20 11:53:04 2007] [error] [client 192.168.0.126] PythonHandler trac.web.modpython_frontend: IOError: [Errno 2] No such file or directory:'/opt/trac-test/VERSION'
```

I'm not really familiar with all those Apache things.. So maybe it's a really stupid, easy thing I didn't get..

Can anyone help?
Thanks in advance,
Ben


----------



## vezoul (Jul 20, 2007)

OK, since no one answered, I found it out myself, and I'm posting my conf here for the next one..


```
<Location /trac-test/>
  SetHandler mod_python
  PythonOption TracEnvParentDir /opt/trac-test
  PythonOption TracUriRoot /trac-test
  PythonHandler trac.web.modpython_frontend
  Order deny,allow
  Deny from all
  Allow from 192.168.0.0/17 192.168.128.0/17
  AuthType Basic
  AuthName "Trac"
  AuthBasicProvider "ldap"
  AuthLDAPURL "ldap://192.168.0.101:3268/DC=agiledss,DC=local?sAMAccountName" NONE
  AuthLDAPBindDN "CN=Administrator,CN=Users,DC=agiledss,DC=local"
  AuthLDAPBindPassword "###(Admin's password)###"
  authzldapauthoritative Off
  require valid-user
  require group CN=TracUsers,CN=Users,DC=agiledss,DC=local
</Location>
```
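
A hardened variant of the configuration above, as an added example that is not part of the original post. It assumes Apache 2.2 with mod_ssl and mod_authnz_ldap loaded; the host name `dc1.agiledss.local`, the lookup account `svc-trac-ldap` and the CA file path are hypothetical placeholders.

```apache
# Added example, not the poster's configuration.
# Server-level directive (outside <Location>): the CA that signed the domain
# controller's certificate. The path is an assumption.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/agiledss-ca.pem

<Location /trac-test/>
  SetHandler mod_python
  PythonHandler trac.web.modpython_frontend
  PythonOption TracEnvParentDir /opt/trac-test
  PythonOption TracUriRoot /trac-test

  # Basic auth sends the password (only base64-encoded) on every request,
  # so refuse any request that does not arrive over HTTPS.
  SSLRequireSSL

  Order deny,allow
  Deny from all
  Allow from 192.168.0.0/17 192.168.128.0/17

  AuthType Basic
  AuthName "Trac"
  AuthBasicProvider ldap

  # ldaps:// on 3269 is the Global Catalog over TLS. With ldap:// ... NONE the
  # bind password and every user's password cross the network in clear text.
  # Use the name that appears in the controller's certificate, not its IP
  # (dc1.agiledss.local is a hypothetical name).
  AuthLDAPURL "ldaps://dc1.agiledss.local:3269/DC=agiledss,DC=local?sAMAccountName"

  # Bind with a low-privilege lookup account (hypothetical name) instead of
  # the domain Administrator: this password sits in httpd.conf in plain text.
  AuthLDAPBindDN "CN=svc-trac-ldap,CN=Users,DC=agiledss,DC=local"
  AuthLDAPBindPassword "###(service account password)###"

  # 'require valid-user' admits every account that authenticates, and
  # 'require group' is handled by mod_authz_groupfile, not by LDAP, so the
  # group line does not restrict access. Keep only the LDAP group check and
  # let mod_authnz_ldap make the final decision.
  AuthzLDAPAuthoritative On
  Require ldap-group CN=TracUsers,CN=Users,DC=agiledss,DC=local
</Location>
```

`Require ldap-group` compares the authenticated user's DN against the group's `member` attribute, so that attribute must be readable by the lookup account on the port being queried. Restrict read access on httpd.conf to root, since it still holds the bind password.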


----------



## TOMCAN (Jul 28, 2007)

Vez, LDAP can be an ugly animal. I don't know how much I can help but I would suggest testing LDAP authentication via the command line, and make sure that's working before trying it with Apache.

"LDAP (MS Active Directory)."

I take it by this that you are also using Samba?
Then you have several pieces that need to be checked.

Here's one on LDAP:
http://www.linux.com/articles/114074

Here's one on Samba, LDAP and Active Directory:
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081

This is what I found on the Trac LDAP plugin:
http://trac-hacks.org/wiki/LdapPlugin

I take it that is what you are trying to do?

I would attempt to authenticate via the command line and make sure you don't have a schema problem.
Tom


----------



## vezoul (Jul 20, 2007)

Thanks TomCat, but I resolved my problem.. it was just the Apache conf. My config two posts up actually works.

Thanks anyway for linking all this, it will totally help the future trac-ldaper..

Ben


----------

