Re: [galaxy-dev] LDAP authentification

Why do you need to create a proxy? The way I have ours set up is within a virtual host: <VirtualHost> <Location "/"> AuthName "Helix Systems" AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPUrl ldaps://helixdrive.nih.gov/ou=Users,ou=helix.nih.gov,o=scb?uid AuthLDAPBindDN "cn=maccount,ou=Special,o=scb" AuthLDAPBindPassword ******** Require valid-user RequestHeader set REMOTE_USER %{AUTHENTICATE_uid}e Options None Order Allow,Deny Allow from all </Location> RewriteRule ^/static/style/(.*) /data/galaxy/pro/static/june_2007_style/blue/$1 [L] RewriteRule ^/static/scripts/(.*) /data/galaxy/pro/static/scripts/packed/$1 [L] RewriteRule ^/static/(.*) /data/galaxy/pro/static/$1 [L] RewriteRule ^/favicon.ico /data/galaxy/pro/static/favicon.ico [L] RewriteRule ^/robots.txt /data/galaxy/pro/static/robots.txt [L] RewriteRule ^(.*) http://helixweb4.cit.nih.gov:8080$1 [P] </VirtualHost> David On Jan 19, 2012, at 10:49 AM, Sarah Maman wrote: > Hi Brad, Hi Christopher, > > Thanks a lot. > I'm talking to Open LDAP. I have changed > > RequestHeader set REMOTE_USER %{AUTHENTICATE_uid}e > to > RequestHeader set REMOTE_USER %{AUTHENTICATE_UID}e > > But I always have the same message /(Access to Galaxy is denied > Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server. )/ > > This is my .conf file : > <Proxy http://localhost:8080> > Order deny,allow > Allow from all > </Proxy> > > RewriteEngine on > > <Location "/"> > AuthType Basic > AuthName Galaxy > AuthBasicProvider ldap > AuthLDAPURL "ldap://server/ou=People,ou=genopole,ou=toulouse,o=inra,c=fr?u > id?sub?(objectClass=person)" > AuthzLDAPAuthoritative off > Require valid-user > # Take the $REMOTE_USER environment variable and set it as a header in the proxy request. > #RewriteCond %{IS_SUBREQ} ^false$ > #RewriteCond %{LA-U:REMOTE_USER} (.+) > #RewriteRule . - [E=RU:%1] > #RequestHeader set REMOTE_USER %{RU}e > RequestHeader set REMOTE_USER %{AUTHENTICATE_UID}e > </Location> > > > Thanks in advance, > Sarah > > > > > Langhorst, Brad a écrit : >> Hi Sarah: >> >> I don't know what kind of LDAP you're talking to... I'm talking to Active >> Directory and this configuration works in that situation. >> >> Order allow,deny >> allow from all >> >> AuthType Basic >> AuthName "NEB Credentials" >> AuthBasicProvider ldap >> AuthzLDAPAuthoritative off >> AuthLDAPBindDN ccalookup(a)neb.com >> AuthLDAPBindPassword <password> >> AuthLDAPURL >> "ldap://<ldap.domain.com>:389/dc=domain,dc=com?sAMAccountName" >> require valid-user >> RewriteCond %{IS_SUBREQ} ^false$ >> RewriteCond %{LA-U:REMOTE_USER} (.+) >> RewriteRule . - [E=RU:%1] >> RequestHeader set REMOTE_USER >> %{AUTHENTICATE_sAMAccountName}e >> >> >> > > ___________________________________________________________ > Please keep all replies on the list by using "reply all" > in your mail client. To manage your subscriptions to this > and other Galaxy lists, please use the interface at: > > http://lists.bx.psu.edu/