Here is a sample Location block for setting up Apache as an authentication proxy for a remote Trac install. It sets a REMOTE_USER header so that Trac does not need to worry about authentication, and rewrites the URL for the remote URL Schema.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
RewriteEngine On  #< Allows Rewritin the URL with regexes
ProxyRequests Off #< Not a forward proxy
<Location /DATAIT>
        AuthType Basic
        AuthName "Ticketing System"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthLDAPBindDN "binduser@domain.com"
        AuthLDAPBindPassword "I_AM_A_BIND_PASSWD"
        Require valid-user
        AuthLDAPURL "ldap://$LDAP_IP:389/CN=Users,DC=domain,DC=com?sAMAccountName #< You will need to modify this to fit your LDAP environment
        Options FollowSymLinks
        Order allow,deny
        allow from all
        RewriteRule         /AUTH_PROXY/(.*) http://REMOTE_SERVER:8080/REMOTE_ENDPOINT/$1 [P]  #< Grabs everything after /AUTH_PROXY and forwards to REMOTE_SERVER:8080/REMOTE_ENDPOINT/*
        ProxyPass           http://REMOTE_SERVER:8080/REMOTE_ENDPOINT  #< Setup proxy
        ProxyPassReverse    http://172.20.228.66:443/REMOTE_ENDPOINT   #< Setup proxy
        RequestHeader set REMOTE_USER %{REMOTE_USER}s                  #< Remote user header for auth
</Location>
0