Whoa, sorry to bother you so much... I think I'm getting to the end step by step. As my apache still needs to serve some directories without authentication I've decided to setup a virtualhost listening to 8080 which is now proxy galaxy (listening to 8081). I've tried to follow your instructions but I believe most of the rewritecond and requestheader directive can be skipped. In principle I'm querying LDAP with this: AuthLDAPURL "ldap://XXX/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)" AuthLDAPRemoteUserAttribute mail I've checked this with a cgi script which prints evnironmental variables and I have: REMOTE_USER = davide.cittaro@ifom-ieo-campus.it That given, galaxy should simply read the variable, shouldn't it? Unfortunately what happens is that I'm asked to login (by apache) but after that I get the Galaxy error Access to Galaxy is denied Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server. Please contact your local Galaxy administrator. Here's the apache config file for the galaxy virtualhost: NameVirtualHost *:8080 <VirtualHost *:8080> ServerAdmin davide.cittaro@ifom-ieo-campus.it # DocumentRoot /data/galaxy_dist/static RewriteEngine on RewriteRule ^(.*) http://localhost:8081$1 [P] RewriteRule ^/static/style/(.*) /data/galaxy_dist/static/june_2007_style/blue/$1 [L] RewriteRule ^/static/(.*) /data/galaxy_dist/static/$1 [L] RewriteRule ^/images/(.*) /data/galaxy_dist/static/images/$1 [L] RewriteRule ^/favicon.ico /data/galaxy_dist/static/favicon.ico [L] RewriteRule ^/robots.txt /data/galaxy_dist/static/robots.txt [L] # RewriteCond %{IS_SUBREQ} ^false$ # RewriteCond %{LA-U:REMOTE_USER} (.+) # RewriteRule . - [E=RU:%1] # RequestHeader set REMOTE_USER %{RU}e # RequestHeader unset Authorization <Location /> # Options +Indexes # IndexOptions FancyIndexing # AllowOverride None AuthType Basic AuthName Galaxy Order deny,allow AuthBasicProvider ldap AuthLDAPURL "ldap://XXX/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)" AuthLDAPRemoteUserAttribute mail Require ldap-filter objectClass=posixAccount </Location> # Alias / /data/galaxy_dist/static/ ErrorLog /var/log/apache2/galaxy-error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel debug CustomLog /var/log/apache2/galaxy-access.log combined ServerSignature On <Location /root/display_as> Satisfy Any Order deny,allow Deny from all Allow from genome.ifom-ieo-campus.it </Location> # ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ # <Directory "/usr/lib/cgi-bin"> # AllowOverride None # Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch # Order allow,deny # Allow from all # </Directory> </VirtualHost> d /* Davide Cittaro Cogentech - Consortium for Genomic Technologies via adamello, 16 20139 Milano Italy tel.: +39(02)574303007 e-mail: davide.cittaro@ifom-ieo-campus.it */