Hi again,
I'm almost done with the whole stuff... I'm now able to get authentication through apache and have $REMOTE_USER set to the user email. I've set remote_user_domain to be blank but as I go to the proxied galaxy page I get this:

Access to Galaxy is denied

Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server.

Please contact your local Galaxy administrator.

The browser asks for username and password (although the message above is already on screen), but in the end it doesn't work...
Some configurations:

$ cat /etc/apache2/mods-enabled/proxy.conf
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyVia Off
# <Proxy balancer://galaxy>
# BalancerMember http://localhost:8080
# BalancerMember http://localhost:8081
# </Proxy>
RewriteCond %{IS_SUBREQ} ^false$
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set REMOTE_USER %{RU}e
RequestHeader unset Authorization
</IfModule>

$ cat /etc/apache2/sites-enabled/000-default
[…]
Order deny,allow
AuthName "Galaxy Login"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://XXX/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)"
AuthLDAPRemoteUserAttribute mail
Require ldap-filter objectClass=posixAccount
[…]
RewriteEngine on
RewriteRule ^/galaxy$ /galaxy/ [R]
RewriteRule ^/galaxy/static/style/(.*) /data/galaxy_dist/static/june_2007_style/blue/$1 [L]
RewriteRule ^/galaxy/static/(.*) /data/galaxy_dist/static/$1 [L]
RewriteRule ^/galaxy/images/(.*) /data/galaxy_dist/static/images/$1 [L]
RewriteRule ^/galaxy/favicon.ico /data/galaxy_dist/static/favicon.ico [L]
RewriteRule ^/galaxy/robots.txt /data/galaxy_dist/static/robots.txt [L]
RewriteRule ^/galaxy(.*) http://127.0.0.1:8080$1 [P]

Any hint?

d

On May 24, 2010, at 4:21 PM, Ry4an Brase wrote:
On Mon, May 24, 2010 at 04:14:33PM +0200, Davide Cittaro wrote:
That's exactly what I've tried to ask :-)
Also, that means that my galaxy user will be dcittaro@ifom-ieo-campus.it . The problem is that email address doesn't exist, as usernames defined in LDAP are not the usernames for mail addresses... I guess I'll have to study LDAP search syntax and instruct it to query with my username (dcittaro) and return the email address stripping the domain (davide.cittaro)...
Glad it helped. Here are some Apache Directives that will probably help:
http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapremoteuser...
which can only legally be one of the attributes included in your:
http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl
That'll let you auth using the 'uid' and set REMOTE_USER to the 'email'. If the email comes back from LDAP with the @domain.tld already appended then don't set REMOTE_USER_DOMAIN to anything.
--
Ry4an Brase 612-626-6575
University of Minnesota Supercomputing Institute for Advanced Computational Research
http://www.msi.umn.edu
_______________________________________________
galaxy-dev mailing list
galaxy-dev@lists.bx.psu.edu
http://lists.bx.psu.edu/listinfo/galaxy-dev
/*
Davide Cittaro

Cogentech - Consortium for Genomic Technologies
via adamello, 16
20139 Milano
Italy

tel.: +39(02)574303007
e-mail: davide.cittaro@ifom-ieo-campus.it
*/
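
The error quoted in the message above appears when the backend receives no username header from the proxy. As an added example (not part of the original thread and not Galaxy's own code), this stand-in backend can be run on 127.0.0.1:8080 in place of Galaxy to see what Apache actually forwards; the maildomain parameter is a hypothetical stand-in for the mail-domain setting that the message leaves blank.

```python
"""Stand-in backend for debugging REMOTE_USER forwarding (added example)."""
from wsgiref.simple_server import make_server

# WSGI exposes the request header "REMOTE_USER" as HTTP_REMOTE_USER.
HEADER_KEY = "HTTP_REMOTE_USER"


def check_remote_user(environ, maildomain=None):
    """Return (ok, detail) for the identity the proxy forwarded.

    maildomain is a hypothetical name for the backend's mail-domain
    setting; None models leaving it blank, as in the message above.
    """
    user = environ.get(HEADER_KEY, "").strip()
    if not user:
        return False, "no REMOTE_USER header received from the proxy"
    if user == "(null)":
        # mod_headers expands %{RU}e to "(null)" when RU was never set,
        # i.e. the RewriteRule that sets E=RU did not run for this request.
        return False, "header present but the RU variable was unset in Apache"
    if "@" not in user:
        if maildomain is None:
            return False, "%r is not an email address and no mail domain is set" % user
        user = user + "@" + maildomain
    return True, user


def app(environ, start_response):
    ok, detail = check_remote_user(environ)
    # List header names only, so credentials are never echoed back.
    seen = ", ".join(sorted(k for k in environ if k.startswith("HTTP_")))
    body = "%s: %s\nrequest headers seen: %s\n" % (
        "OK" if ok else "DENIED", detail, seen)
    status = "200 OK" if ok else "403 Forbidden"
    start_response(status, [("Content-Type", "text/plain; charset=utf-8")])
    return [body.encode("utf-8")]


if __name__ == "__main__":
    # Loopback only, on the port the RewriteRule [P] target points at.
    make_server("127.0.0.1", 8080, app).serve_forever()
```

A "DENIED: no REMOTE_USER header" or "(null)" result means the rewrite and RequestHeader lines are not taking effect for the proxied request, while an "OK" result with an address means the Apache side is forwarding the identity as intended.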