Whoa, sorry to bother you so much... I think I'm getting to the end step by step.
As my apache still needs to serve some directories without authentication I've decided to setup a virtualhost listening to 8080 which is now proxy galaxy (listening to 8081).
I've tried to follow your instructions but I believe most of the rewritecond and requestheader directive can be skipped. In principle I'm querying LDAP with this:


                AuthLDAPURL "ldap://XXX/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)"
                AuthLDAPRemoteUserAttribute mail

I've checked this with a cgi script which prints evnironmental variables and I have:

REMOTE_USER = davide.cittaro@ifom-ieo-campus.it

That given, galaxy should simply read the variable, shouldn't it? Unfortunately what happens is that I'm asked to login (by apache) but after that I get the Galaxy error 


Access to Galaxy is denied

Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server.

Please contact your local Galaxy administrator.


Here's the apache config file for the galaxy virtualhost:

NameVirtualHost *:8080
<VirtualHost *:8080>
        ServerAdmin davide.cittaro@ifom-ieo-campus.it
        
#        DocumentRoot /data/galaxy_dist/static

       RewriteEngine on
       RewriteRule ^(.*) http://localhost:8081$1 [P]
       RewriteRule ^/static/style/(.*) /data/galaxy_dist/static/june_2007_style/blue/$1 [L]
       RewriteRule ^/static/(.*) /data/galaxy_dist/static/$1 [L]
       RewriteRule ^/images/(.*) /data/galaxy_dist/static/images/$1 [L]
       RewriteRule ^/favicon.ico /data/galaxy_dist/static/favicon.ico [L]
       RewriteRule ^/robots.txt /data/galaxy_dist/static/robots.txt [L]

#       RewriteCond %{IS_SUBREQ} ^false$
#       RewriteCond %{LA-U:REMOTE_USER} (.+)
#       RewriteRule . - [E=RU:%1]
#       RequestHeader set REMOTE_USER %{RU}e
#       RequestHeader unset Authorization


        <Location />
#               Options +Indexes
#               IndexOptions FancyIndexing
#               AllowOverride None
                AuthType Basic
                AuthName Galaxy
                Order deny,allow
                AuthBasicProvider ldap
                AuthLDAPURL "ldap://XXX/dc=ifom-ieo-campus,dc=it?cn,mail?sub?(cn=*)"
                AuthLDAPRemoteUserAttribute mail
                Require ldap-filter objectClass=posixAccount
        </Location>
#       Alias / /data/galaxy_dist/static/

        ErrorLog /var/log/apache2/galaxy-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel debug

        CustomLog /var/log/apache2/galaxy-access.log combined
        ServerSignature On

        <Location /root/display_as>
            Satisfy Any
            Order deny,allow
            Deny from all
            Allow from genome.ifom-ieo-campus.it
        </Location>

# ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
#        <Directory "/usr/lib/cgi-bin">
#                AllowOverride None
#                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
#                Order allow,deny
#                Allow from all
#        </Directory>

</VirtualHost>


d
/*
Davide Cittaro

Cogentech - Consortium for Genomic Technologies
via adamello, 16
20139 Milano
Italy

tel.: +39(02)574303007
e-mail: davide.cittaro@ifom-ieo-campus.it
*/