Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 298546 Details for
Bug 438021
Don't take over the entire Apache docroot
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
set web URL root to /ipa
freeipa-727-root.patch (text/plain), 4.27 KB, created by
Rob Crittenden
on 2008-03-19 17:26:05 UTC
(
hide
)
Description:
set web URL root to /ipa
Filename:
MIME Type:
Creator:
Rob Crittenden
Created:
2008-03-19 17:26:05 UTC
Size:
4.27 KB
patch
obsolete
># HG changeset patch ># User Rob Crittenden <rcritten@redhat.com> ># Date 1205947487 14400 ># Node ID 02e8ec0ce8b901c82542b185da961d6d4b9abf6c ># Parent ea8a9ad2441691bb5292194d4bd3ceea5e3b6718 >Re-root the IPA web UI to /ipa > >438021 > >diff -r ea8a9ad24416 -r 02e8ec0ce8b9 ipa-server/ipa-gui/ipa_webgui.cfg >--- a/ipa-server/ipa-gui/ipa_webgui.cfg Mon Mar 17 18:04:49 2008 -0400 >+++ b/ipa-server/ipa-gui/ipa_webgui.cfg Wed Mar 19 13:24:47 2008 -0400 >@@ -29,7 +29,7 @@ server.thread_pool = 10 > > # if this is part of a larger site, you can set the path > # to the TurboGears instance here >-# server.webpath="" >+server.webpath="/ipa" > > # Set to True if you are deploying your App behind a proxy > # e.g. Apache using mod_proxy >@@ -58,7 +58,7 @@ session_filter.storage_path='/var/cache/ > > # Listen only on the local interface so all requests go through > # Apache/mod_auth_kerb/mod_proxy. >-server.server_port = 8080 >+server.socket_port = 8080 > server.socket_host="127.0.0.1" > > # LOGGING >diff -r ea8a9ad24416 -r 02e8ec0ce8b9 ipa-server/ipa-gui/ipagui/proxyprovider.py >--- a/ipa-server/ipa-gui/ipagui/proxyprovider.py Mon Mar 17 18:04:49 2008 -0400 >+++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py Wed Mar 19 13:24:47 2008 -0400 >@@ -25,6 +25,7 @@ import ipa.group > import ipa.group > import ipa.user > import ldap >+import krbV > > log = logging.getLogger("turbogears.identity") > >@@ -143,12 +144,18 @@ class ProxyIdentityProvider(SqlObjectIde > > def load_identity(self, visit_key): > try: >- user_name= cherrypy.request.headers['X-FORWARDED-USER'] > os.environ["KRB5CCNAME"] = cherrypy.request.headers['X-FORWARDED-KEYTAB'] >+ ccache = krbV.CCache(cherrypy.request.headers['X-FORWARDED-KEYTAB']) >+ user_name = ccache.principal().name > # user_name = "test@FREEIPA.ORG" > # os.environ["KRB5CCNAME"] = "FILE:/tmp/krb5cc_500" > except KeyError: > return None >+ except AttributeError: >+ return None >+ except krbV.Krb5Error: >+ return None >+ > set_login_attempted( True ) > return self.validate_identity( user_name, None, visit_key ) > >diff -r ea8a9ad24416 -r 02e8ec0ce8b9 ipa-server/xmlrpc-server/ipa-rewrite.conf >--- a/ipa-server/xmlrpc-server/ipa-rewrite.conf Mon Mar 17 18:04:49 2008 -0400 >+++ b/ipa-server/xmlrpc-server/ipa-rewrite.conf Wed Mar 19 13:24:47 2008 -0400 >@@ -1,4 +1,8 @@ RewriteEngine on > RewriteEngine on >+ >+# By default forward all requests to /ipa. If you don't want IPA >+# to be the default on your web server comment this line out. >+RewriteRule ^/$$ https://$FQDN/ipa [L,NC] > > # Redirect to the fully-qualified hostname. Not redirecting to secure > # port so configuration files can be retrieved without requiring SSL. >diff -r ea8a9ad24416 -r 02e8ec0ce8b9 ipa-server/xmlrpc-server/ipa.conf >--- a/ipa-server/xmlrpc-server/ipa.conf Mon Mar 17 18:04:49 2008 -0400 >+++ b/ipa-server/xmlrpc-server/ipa.conf Wed Mar 19 13:24:47 2008 -0400 >@@ -22,35 +22,26 @@ AddType application/java-archive > Order deny,allow > Allow from all > >- # We create a subrequest to find REMOTE_USER. Don't do this for every >- # subrequest too (slow and huge logs result) >- RewriteCond %{IS_SUBREQ}% false >- RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}] >- RequestHeader set X-Forwarded-User %{RU}e > RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e > > # RequestHeader unset Authorization > </Proxy> > > # The URI's with a trailing ! are those that aren't handled by the proxy >-ProxyPass /cgi-bin ! >-ProxyPass /errors ! >-ProxyPass /config ! >-ProxyPass /ipa ! >-#ProxyPass /ipatest ! >-ProxyPass / http://localhost:8080/ >-ProxyPassReverse /cgi-bin ! >-ProxyPassReverse /errors ! >-ProxyPassReverse /config ! >-ProxyPassReverse /ipa ! >-#ProxyPassReverse /ipatest ! >-ProxyPassReverse / http://localhost:8080/ >+ProxyPass /ipa http://localhost:8080 >+ProxyPassReverse /ipa http://localhost:8080 > > # Configure the XML-RPC service >+Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC" > >-Alias /ipa "/usr/share/ipa/ipaserver/XMLRPC" >+# This is where we redirect on failed auth > Alias /errors "/usr/share/ipa/html" >+ >+# For the MIT Windows config files > Alias /config "/usr/share/ipa/html" >+ >+# So we don't have to hardcode a path into the CSS >+Alias /static "/usr/share/ipa/ipagui/static" > > <Directory "/usr/share/ipa/ipaserver"> > AuthType Kerberos
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=298546">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 438021
:
298546
|
298751