0

This is a trac 1.4 install, using postgres as the DB, apache2 2.4 as the web server, running on Ubuntu 18 with Python 2.7

I'm converting a system from an earlier release of trac. THe problem was that when I signed onto trac with LDAP, I could get in, but couldn't create a ticket, though I'm granted those privs via trac-admin

I know ldap was working, in that if I would provide a bad user/password combo, it wouldn't let me in. So, in order to isolate the issue, I created an user in .htpasswd and also granted that user (I called it trac-admin) the ability to create tickets. Same situation, in that I know htpasswd was working, since if I purposely gave it a bad password, it was rejected.

So signing on with the user only gave me anonymous privs.
I set the logging to debug, and noticed that the acct_mgr plugin was being loaded. There's some disconnect between getting passed the authorization, and then being granted those rights to use trac.

The first thing I would see in the logs that gave a hint: DEBUG: DefaultPermissionPolicy allows anonymous

Michael LiVolsi
  • 13
  • 3
  • Are you authenticating through Apache or delegating authentication to TracAccountManager? If you are authenticating via Apache, you should leave Trac's LoginModule enabled and disable TracAccountManager's [LoginModule](https://trac-hacks.org/wiki/AccountManagerPlugin/Modules#LoginModule). – RjOllos Nov 24 '20 at 22:44
  • Just a heads up for anyone who encounters this, this is apache2.4, so the rules in your apache file will change, and keep it simple. I'll paraphrase: any ssl or aliases all the auth stuff in here, keep "require valid-user", get rid of "order allow, deny and Allow from All" <-- not 2.4 supported, then any rewrite stuff Sethandler none The order matters and the "Allow from all" and order directives should be removed in 2.4 – Michael LiVolsi Dec 03 '20 at 21:38
  • That's correct. The [TracModWSGI](https://trac.edgewall.org/wiki/TracModWSGI) are [TracModPython](https://trac.edgewall.org/wiki/TracModPython) pages are written for Apache 2.4. However, you'll likely find a lot of guides on the web that are pre-2.4. – RjOllos Dec 03 '20 at 23:03

0 Answers0