Trac 1.4.3 with Apache2.4 on Ubuntu 22.04 - Problems


Michael LiVolsi

Mar 7, 2023, 5:26:50 PM
to Trac Users
Glad I found this group.

Gist of the Problem:
I can authenticate against LDAP and .htpasswd, but the user is still being set to "anonymous".

Does authentication Work ?
Yes. I know .htpasswd and LDAP are working because when I enter an invalid password, I get re-prompted.

Site Location
My location for everything is "/var/trac/sites/traffic"

How it's all configured:
  • Apache as the web server with tracd running.
  • LDAP and .htpasswd as the authentication vehicles.
  • Postgresql as the database back-end


I start the trac daemon like this from unix account : "admin"
/usr/local/bin/tracd --daemonize --pidfile=/var/trac/tracd.pid --port=3000 --hostname=localhost --base-path=/traffic -s /var/trac/sites/traffic

I've attached my apache configuration.
I've attached my trac.ini configuration.
I've attached the apache mods that are enabled.

and finally, all the modules installed:

Package                     Version
--------------------------- --------
Genshi                      0.7.7
html5lib                    1.1
Jinja2                      2.11.3
MarkupSafe                  1.1.1
nose                        1.3.7
pip                         20.3.4
postgres                    4.0
psycopg2-binary             2.8.6
psycopg2-pool               1.1
pyasn1                      0.4.8
pyasn1-modules              0.2.8
python-dateutil             2.8.2
pytz                        2022.7.1
setuptools                  44.1.1
six                         1.16.0
svn                         1.0.1
Trac                        1.4.3
TracAutocompleteUsersPlugin 0.4.7
TracSimpleTicket            5.0
TracTags                    0.12.1
webencodings                0.5.1
wheel                       0.37.1

I'll owe someone a beer (or coffee) if I can get this going.
Thanks for any help.

- Mike -

trac.ini
apache_mods.dat
trac.conf

Tony Brian Albers (XTOAL)

Mar 8, 2023, 1:55:49 AM
to Trac Users
Good morning Mike,

See if this helps, it's taken from one of our setups (we're running Trac via WSGI though):

<Location "/">
    AuthLDAPBindDN "CN=CommonName,OU=ServiceAccounts,OU=Unit,DC=Base,DC=Place"
    AuthLDAPBindPassword "whatever"
    # search user
    AuthLDAPURL "ldap://ip.ip.ip.ip/OU=ServiceAccounts,DC=Base,DC=Place?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindAuthoritative on
    AuthType Basic
    AuthBasicProvider file ldap
    AuthName "Enter TRAC password"
    AuthUserFile /opt/trac/htpasswd
    Require valid-user
    WSGIApplicationGroup %{GLOBAL}
</Location>

HTH

/tony

--
Tony Albers - SCSA, SCNA, EMCIE, EMCBA, RHCSA
Transition Manager - FIT/TMS Delivery Team - Signalling Integrations
Banedanmark, Signalling Systems
Carsten Niebuhrs Gade 43, 1577 Copenhagen V


Michael LiVolsi

Mar 9, 2023, 6:19:37 PM
to Trac Users
Swing and a miss.. Strike 1
I re-wrote this apache conf..  I took LDAP   OUT of the equation.
I'm authenticating.. but...

TRACD hasn't got a clue of which user was authenticated... so it becomes anonymous.


<VirtualHost *:443>
    ServerAdmin mlivolsi@xxxxx
    ServerName trac2.xxxx
    ServerAlias  trac2.xxxx
    DocumentRoot /var/trac/sites/traffic/htdocs

    <Directory  /var/trac/sites/traffic/htdocs>
        <IfModule mod_authz_core.c>
            Options FollowSymLinks
            AllowOverride Limit Options FileInfo
            DirectoryIndex index.html
            Require all granted
        </IfModule>
    </Directory>

    <Location /traffic>
        ProxyPass  http://127.0.0.1:3000/traffic
        ProxyPassReverse http://127.0.0.1:3000/traffic

        AuthType Basic
        AuthBasicProvider file
        AuthName "Enter your e-mail address and password."
        AuthUserFile /var/trac/sites/traffic/htdocs/.htpasswd

        Require valid-user
        Satisfy All
    </Location>
    ProxyPreserveHost on
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/STAR_mla_org.crt
    SSLCertificateKeyFile /etc/ssl/private/app/server_2020.key
    SSLCertificateChainFile /etc/ssl/certs/CA_bundle.crt

</VirtualHost>

Michael LiVolsi

Mar 9, 2023, 9:33:04 PM
to Trac Users
Oh for the love of Pete...

obey_remote_user_header  (try googling that term and you get 0 returns)  It was set on an old install.
Yeah.. that worked.

RjOllos

Mar 9, 2023, 10:57:52 PM
to Trac Users
On Thursday, March 9, 2023 at 6:33:04 PM UTC-8 mikel...@gmail.com wrote:
Oh for the love of Pete...

obey_remote_user_header  (try googling that term and you get 0 returns)  It was set on an old install.
Yeah.. that worked.

Is that an option in apache2.conf that needed to be enabled but was not enabled in your new install? I have never heard of it.

What is your OS and/or hosting service if not running your own VM?

 

Tony Brian Albers (XTOAL)

Mar 10, 2023, 2:16:03 AM
to Trac Users
@RjOllos > It's actually mentioned here:
https://trac.edgewall.org/wiki/TracStandalone

And a Startpage search on "httpd obey_remote_user_header" does give a few results too.

/tony

--
Tony Albers - SCSA, SCNA, EMCIE, EMCBA, RHCSA
Transition Manager - FIT/TMS Delivery Team - Signalling Integrations
Banedanmark, Signalling Systems
Carsten Niebuhrs Gade 43, 1577 Copenhagen V


Michael LiVolsi

Mar 10, 2023, 8:57:45 AM
to Trac Users
See attached for the old trac.ini.

The original box was running Debian 6, Trac 1.0.1 and postgres on an ESX.
We moved everything over to AWS, but basically did an image copy of the environment using CloudEndure (an image copy thing from AWS that allows you to copy images that might not be supported by them)

Now, we want to move everything to a more modern system.. so Ubuntu 22.. staying with Postgres and Trac 1.4.3.. but first, I wanted to see if I could get it running before doing a conversion.
So.. tracd running standalone, front ended with Apache (or nginx) and Postgres on RDS..  Since we have roles.. it's not just getting them authenticated, but based on their username, they get certain privileges.
so coming in as anonymous wasn't an option..
Even ChatGPT totally failed (suggesting wrong directives in the wrong sections of the apache config).
Judging by my comments about Apache.. I suspected it had something to do with headers being passed.. I must have stopped/started apache well north of 100x.
My Apache config looked rock solid, so now I suspected trac.ini   and lo and behold, I look for "header" in the old config, set that on the new server.. and bam.. it worked.

- Mike -
trac.ini
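
The proxy side of the fix discussed in this thread, as an added example that is not taken from any poster's configuration: once tracd trusts a request header for the login name, Apache has to overwrite that header with the user it authenticated, and tracd must only be reachable through Apache. Assumptions: mod_headers is enabled, the trusted header is named `Remote-User` (confirm against the TracStandalone page linked above), and the htpasswd path is a placeholder.

```apache
# Constructed fragment for illustration; paths are placeholders.
<Location /traffic>
    AuthType Basic
    AuthBasicProvider file
    AuthName "Trac"
    # Placeholder path: keep the password file outside DocumentRoot.
    AuthUserFile /path/to/htpasswd
    Require valid-user

    # "set" replaces any Remote-User value sent by the client with the
    # name Apache just authenticated, so tracd never sees a client-chosen
    # identity. RequestHeader runs after authentication by default, which
    # is why REMOTE_USER is already populated here.
    RequestHeader set Remote-User expr=%{REMOTE_USER}

    ProxyPass        http://127.0.0.1:3000/traffic
    ProxyPassReverse http://127.0.0.1:3000/traffic
</Location>

# Matching setting on the tracd side (trac.ini), shown as comments:
#   [trac]
#   obey_remote_user_header = true
#
# Keep tracd bound to loopback (--hostname=localhost, as in the first
# post) so the header can only arrive through the authenticated
# Location above and never directly from the network.
```

With header trust enabled, any path to port 3000 that bypasses this Location is an authentication bypass, so check the listener address and host firewall after each change.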