Whoa, sorry to bother you so much... I think I'm getting to the end step by step. As my Apache still needs to serve some directories without authentication, I've decided to set up a virtualhost listening on 8080 which now proxies Galaxy (listening on 8081). I've tried to follow your instructions but I believe most of the RewriteCond and RequestHeader directives can be skipped. In principle I'm querying LDAP with this:
AuthLDAPURL "ldap://XXX/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)"
AuthLDAPRemoteUserAttribute mail
I've checked this with a CGI script which prints environmental variables and I have:
REMOTE_USER = davide.cittaro@ifom-ieo-campus.it
That given, Galaxy should simply read the variable, shouldn't it? Unfortunately what happens is that I'm asked to log in (by Apache) but after that I get the Galaxy error:
Access to Galaxy is denied
Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server.
Please contact your local Galaxy administrator.
Here's the Apache config file for the Galaxy virtualhost:

NameVirtualHost *:8080
<VirtualHost *:8080>
    ServerAdmin davide.cittaro@ifom-ieo-campus.it

    # DocumentRoot /data/galaxy_dist/static

    RewriteEngine on
    RewriteRule ^(.*) http://localhost:8081$1 [P]
    RewriteRule ^/static/style/(.*) /data/galaxy_dist/static/june_2007_style/blue/$1 [L]
    RewriteRule ^/static/(.*) /data/galaxy_dist/static/$1 [L]
    RewriteRule ^/images/(.*) /data/galaxy_dist/static/images/$1 [L]
    RewriteRule ^/favicon.ico /data/galaxy_dist/static/favicon.ico [L]
    RewriteRule ^/robots.txt /data/galaxy_dist/static/robots.txt [L]

    # RewriteCond %{IS_SUBREQ} ^false$
    # RewriteCond %{LA-U:REMOTE_USER} (.+)
    # RewriteRule . - [E=RU:%1]
    # RequestHeader set REMOTE_USER %{RU}e
    # RequestHeader unset Authorization

    <Location />
        # Options +Indexes
        # IndexOptions FancyIndexing
        # AllowOverride None
        AuthType Basic
        AuthName Galaxy
        Order deny,allow
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://XXX/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)"
        AuthLDAPRemoteUserAttribute mail
        Require ldap-filter objectClass=posixAccount
    </Location>
    # Alias / /data/galaxy_dist/static/

    ErrorLog /var/log/apache2/galaxy-error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel debug

    CustomLog /var/log/apache2/galaxy-access.log combined
    ServerSignature On

    <Location /root/display_as>
        Satisfy Any
        Order deny,allow
        Deny from all
        Allow from genome.ifom-ieo-campus.it
    </Location>

    # ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    # <Directory "/usr/lib/cgi-bin">
    #     AllowOverride None
    #     Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    #     Order allow,deny
    #     Allow from all
    # </Directory>

</VirtualHost>
d

/*
Davide Cittaro

Cogentech - Consortium for Genomic Technologies
via adamello, 16
20139 Milano
Italy

tel.: +39(02)574303007
e-mail: davide.cittaro@ifom-ieo-campus.it
*/
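
Added example, not part of the original message: a stand-in for Galaxy on port 8081 that reports which identity headers the proxy actually forwards. The CGI test above shows REMOTE_USER in Apache's own environment, which is separate from what reaches the upstream over HTTP. It assumes the header name REMOTE_USER from the commented-out RequestHeader line; `describe` and `Echo` are names made up here.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: header name taken from the commented-out
# "RequestHeader set REMOTE_USER %{RU}e" line in the posted config.
USER_HEADER = "REMOTE_USER"


def describe(headers):
    """Summarise what a proxied request tells the upstream about the user.

    `headers` is an iterable of (name, value) pairs as received on the wire.
    """
    # Header names are case-insensitive, and some stacks rewrite "_" to "-".
    norm = {k.lower().replace("-", "_"): v.strip() for k, v in headers}
    raw = norm.get(USER_HEADER.lower())
    # mod_headers expands %{VAR}e to the literal "(null)" when VAR is unset,
    # so that string must be treated as "no user", never as a username.
    user = raw if raw and raw != "(null)" else None
    return {
        "header_present": raw is not None,
        "user": user,
        # With "RequestHeader unset Authorization" disabled, the Basic
        # credentials travel on to the upstream. Only presence is reported,
        # the value is never echoed.
        "authorization_forwarded": "authorization" in norm,
    }


class Echo(BaseHTTPRequestHandler):
    """Answers every GET with the summary instead of the real application."""

    def do_GET(self):
        info = describe(self.headers.items())
        lines = ["%s: %s\n" % (k, info[k]) for k in sorted(info)]
        body = "".join(lines).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Bind to loopback only, on the port the vhost proxies to.
    HTTPServer(("127.0.0.1", 8081), Echo).serve_forever()
```

Run it in place of Galaxy, log in through port 8080, and read the three lines in the response: `header_present: False` means the proxy sent no username header at all.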