Mostly through trial and error I have created the Apache configuration file below.
It aims to allow a server on localhost:8002 and a trac server via WSGI to share an LDAP server and appear to be on the same domain/port.
The rules work in isolation, but not in parallel.
In particular, trac WSGI will only serve correctly if ProxyPass/ProxyPassReverse lines are commented out. Without that redirect the server at localhost:8002 obviously isn't mapped to the outgoing 8022 port.
I assume the mix of Directory, Proxy and Location rules is the route of my problem - or perhaps the order of them?
WSGIDaemonProcess trac stack-size=524288 python-path=/usr/lib/python2.5/site-packages
WSGIScriptAlias /trac /home/web/foo/parts/trac/tracwsgi/cgi-bin/trac.wsgi
<VirtualHost foo.bar.com:8022>
ServerName foo.bar.com
ServerAlias foo.bar.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass / http://localhost:8002/VirtualHostBase/http/foo.bar.com:8022/foo/VirtualHostRoot/
ProxyPassReverse / http://localhost:8002/VirtualHostBase/http/foo.bar.com:8022/foo/VirtualHostRoot/
<Directory "/home/web/foo/parts/trac/tracwsgi/cgi-bin">
WSGIApplicationGroup %{GLOBAL}
Options +Indexes FollowSymLinks
AllowOverride None
Allow from all
Order allow,deny
</Directory>
<Location "/trac">
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Login"
AuthLDAPURL "ldap://127.0.0.1:389/dc=foo-bar,dc=org?uid"
AuthLDAPBindDN "cn=admin, dc=foo-bar, dc=org"
AuthLDAPBindPassword secret
require valid-user
</Location>
</VirtualHost>
Add:
before ProxyPass for '/'.
See:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass
You are also missing a WSGIProcessGroup directive. That Trac instance isn't going to run in the daemon mode process you created. See:
http://code.google.com/p/modwsgi/wiki/IntegrationWithTrac