hi guys...

I'm trying to set up apache authentication, but I'm having problems... First of all I can't find apachepas for download

Next, I tried WebServerAuth written originally for Plone CMS... But I don't know how to configure this module in Zope. I've entered managed area of zope in my browser (localhost:8080/manage), and under zport section (I guess zport is application under ZenOSS) added WebServerAuth module and configured it as extraction module, but authentication is still not working...

Thank you very much! First mistake I was doing was putting apachepas into $ZENHOME/lib/python/Zope2/utilities/skel/Products/apachepas instead of $ZENHOME/Products. That's why I was unable to see the plugin under the dropdown menu.

Now, I've added it successfully but I still got problems with entering ZenOSS. First of all, here is my apache vhost configuration:

<VirtualHost *:80>
     ServerName myserver.mycompany.com
     RewriteEngine On
     <Location "/">
        Order allow,deny
        Allow from all
        AuthType CAS
        Require valid-user

 

       # Put the login name (stored below) into the HTTP_X_REMOTE_USER
        # request header. This has to be in the <Location> block for
        # some Apache auth modules, such as PubCookie, which don't set
        # REMOTE_USER until very late.
        RequestHeader set X_REMOTE_USER %{remoteUser}e
     </Location>

 

    # Some Linux distributions (e.g., Debian Etch and Red Hat Enterprise
     # Linux AS Release 4) have default settings which prevent the header
     # rewrites below from working. Fix that:
     <Proxy *>
        Order deny,allow
        Allow from all
     </Proxy>

 

    # Do the typical VirtualHostMonster rewrite, adding an E= option
     # that puts the Apache-provided login name into the remoteUser
     # variable.
     RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/http/%{SERVER_NAME}/VirtualHostRoot/$1 [L,P,E=remoteUser:%{LA-U:REMOTE_USER}]
</VirtualHost>

Now, when I login through CAS in apache frontend, it redirects me to ZenOSS, but it can't display dashboard and instead I get this error on screen:

=== Server exception ===

The server reported the following error:

Unable to connect to the server.

The system has encountered an error. Please reload the page.

I can choose dismiss or retry. Retries return this error indefinitely. If I click on dismiss and try to click on dashboard - it returns me back to ZenOSS logon screen. So I guess user is parsed correctly from apache, because I see the username (without '@domain') in the upper right corner of ZenOSS screen. But the problem is I get the same screen no matter if I created user manually in ZenOSS or if the user authenticated in apache doesn't exist. Good thing is I cannot do anything with nonexistent zenoss users, bad thing is I cannot do anything with zenoss accounts I created in zenoss

In the event.log, I found this (in the approx time of login):

==> event.log <==
------
2010-08-13T18:06:18 ERROR Zope.SiteErrorLog 1281715578.190.545370311641 http://infra.srce.hr:8080/zport/dmd/messaging_router
Traceback (innermost last):
  Module ZPublisher.Publish, line 116, in publish
  Module ZPublisher.BaseRequest, line 541, in traverse
AttributeError: has_key

Any ideas?

"Sorry; I had presumed you working with Active Directory! You make sure that you create Zenoss user accounts (by logging into Zenoss using admin account) EXACTLY same like your enterprise SSO account names in *lowercase* -- to make sure that Zenoss can work with accounts in case insensitive manner.
Please make sure to create local account with appropriate roles BEFORE you let the users access through SSO

We have seen that the SSO accounts get incorrectly created -- if it were not already provisioned locally in Zenoss

We referred http://plone.org/documentation/kb/plone-with-apache link to setup our environment.  Zenoss already contains virtualhostmonster; you should see entry for Virutal_Hosting in the manage page (http://zenoss_server:8080/manage).

Also, we used reverse-proxy setup with ProxyPass, ProxyPassReverse. I don't see your Apache VirtualHost configuration containing proxy settings.

Our configuration file has the following entries:

ProxyPass /zport/ http://localhost:8080/zport/
ProxyPassReverse /zport/ http://localhost:8080/zport/

Good to know that it's working now!

Please refer to the "NOTE: Zenoss Logout option is hard-coded redirecting to /zport/dmd"section in the initial post to edit logoutUser.py file to fix the logout button.