Quantcast

Problem with Active Directory/LDAP authentication

classic Classic list List threaded Threaded
5 messages Options
| Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Problem with Active Directory/LDAP authentication

Harris Shapiro
Hello,

I'm writing because I've been trying for the past few days to configure Galaxy to use Apache-based LDAP authentication, but have reached a point where I'm basically stuck.  The system in a virtual machine running:

- CentOS 5.8
- Apache 2.2.3

I'm trying to configure a Galaxy instance at "localhost:8080", with Active Directory authentication.

I started with the admin page documentation:

http://wiki.galaxyproject.org/Admin/Config/Apache%20Proxy

and also worked through the troubleshooting examples found at:

a) http://user.list.galaxyproject.org/Galaxy-Apache-External-Authentication-tt4131493.html#a4131495
b) http://gmod.827538.n3.nabble.com/galaxy-dev-ldap-integration-td839409.html
c) http://lists.bx.psu.edu/pipermail/galaxy-dev/2010-January/001676.html

Following the debugging steps suggested by URL (a), I'm able to verify that:

1) The authentication clause I have works, without rewrite rules and without a proxy.
2) Without rewrite rules and a proxy, the Apache environment has the AUTHENTICATE_SAMACCOUNTNAME and REMOTE_USER environment variables set.

Unfortunately, when I turn on the proxy (setting "use_remote_user" and "remote_user_maildomain" in universe_wsgi.ini accordingly), I get the following error message when I try accessing the "localhost:8080" URL, the following error message appears:

"Access to Galaxy is denied

Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server.

Please contact your local Galaxy administrator."

As suggested by URLs (a) and (c), I modified ./lib/galaxy/web/framework/middleware/remoteuser.py to print the environment seen by that script.  None of the remote user information seems to be making to the script, either from AUTHENTICATE_SAMACCOUNTNAME or REMOTE_USER, no matter which of the suggested combinations of "RewriteCond", "RewriteRule", and "RequestHeader" options I tried.  In addition, the troubleshooting suggestions to force a REMOTE_USER value to be set via a directive like:

RequestHeader add REMOTE_USER [user name]

also failed to pass REMOTE_USER to the remoteuser.py script.

I've included below an extract from the Apache configuration file that I've been trying.  Any advice or assistance that people might be able to provide would be greatly appreciated, and please let me know if you'd need any additional information from me.

Sincerely,
Harris Shapiro
Genomic Health, Inc.




Extract from Apache configuration file:
Note: I've also tried a variant where I replaced REMOTE_USER with AUTHENTICATE_SAMACCOUNTNAME in the various RewriteCond & RequestHeader directives.  That variant produced the same error message.

<Proxy http://localhost:8080>
        Order deny,allow
        Allow from all
</Proxy>

RewriteEngine on

<Location "/">
        AuthType Basic
        AuthName "Please log in with your Windows account"
        AuthBasicProvider ldap
        AuthLDAPURL [Verified LDAP connection information]
        AuthzLDAPAuthoritative off
        AuthLDAPBindDN [Verified DN]
        AuthLDAPBindPassword [Verified password]
        Require valid-user
       RewriteCond %{IS_SUBREQ} ^false$
       RewriteCond %{LA-U:REMOTE_USER} (.+)
       RewriteRule . - [E=RU:%1]
       RequestHeader set REMOTE_USER %{RU}e
</Location>


RewriteRule ^/static/style/(.*) /home/hshapiro/software/galaxy/galaxy-dist/static/june_2007_style/blue/$1 [L]
RewriteRule ^/static/scripts/(.*) /home/hshapiro/software/galaxy/galaxy-dist/static/scripts/packed/$1 [L]
RewriteRule ^/static/(.*) /home/hshapiro/software/galaxy/galaxy-dist/static/$1 [L]
RewriteRule ^/favicon.ico /home/hshapiro/software/galaxy/galaxy-dist/static/favicon.ico [L]
RewriteRule ^/robots.txt /home/hshapiro/software/galaxy/galaxy-dist/static/robots.txt [L]
RewriteRule ^(.*) http://localhost:8080$1 [P]




___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/
| Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Active Directory/LDAP authentication

Nate Coraor (nate@bx.psu.edu)
On Nov 19, 2012, at 12:49 PM, Harris Shapiro wrote:

> Hello,
>
> I'm writing because I've been trying for the past few days to configure Galaxy to use Apache-based LDAP authentication, but have reached a point where I'm basically stuck.  The system in a virtual machine running:
>
> - CentOS 5.8
> - Apache 2.2.3
>
> I'm trying to configure a Galaxy instance at "localhost:8080", with Active Directory authentication.
>
> I started with the admin page documentation:
>
> http://wiki.galaxyproject.org/Admin/Config/Apache%20Proxy
>
> and also worked through the troubleshooting examples found at:
>
> a) http://user.list.galaxyproject.org/Galaxy-Apache-External-Authentication-tt4131493.html#a4131495
> b) http://gmod.827538.n3.nabble.com/galaxy-dev-ldap-integration-td839409.html
> c) http://lists.bx.psu.edu/pipermail/galaxy-dev/2010-January/001676.html
>
> Following the debugging steps suggested by URL (a), I'm able to verify that:
>
> 1) The authentication clause I have works, without rewrite rules and without a proxy.
> 2) Without rewrite rules and a proxy, the Apache environment has the AUTHENTICATE_SAMACCOUNTNAME and REMOTE_USER environment variables set.
>
> Unfortunately, when I turn on the proxy (setting "use_remote_user" and "remote_user_maildomain" in universe_wsgi.ini accordingly), I get the following error message when I try accessing the "localhost:8080" URL, the following error message appears:
>
> "Access to Galaxy is denied
>
> Galaxy is configured to authenticate users via an external method (such as HTTP authentication in Apache), but a username was not provided by the upstream (proxy) server. This is generally due to a misconfiguration in the upstream server.
>
> Please contact your local Galaxy administrator."
>
> As suggested by URLs (a) and (c), I modified ./lib/galaxy/web/framework/middleware/remoteuser.py to print the environment seen by that script.  None of the remote user information seems to be making to the script, either from AUTHENTICATE_SAMACCOUNTNAME or REMOTE_USER, no matter which of the suggested combinations of "RewriteCond", "RewriteRule", and "RequestHeader" options I tried.  In addition, the troubleshooting suggestions to force a REMOTE_USER value to be set via a directive like:
>
> RequestHeader add REMOTE_USER [user name]
>
> also failed to pass REMOTE_USER to the remoteuser.py script.
>
> I've included below an extract from the Apache configuration file that I've been trying.  Any advice or assistance that people might be able to provide would be greatly appreciated, and please let me know if you'd need any additional information from me.

Hi Harris,

Have you tried upping the logging level for mod_rewrite as suggested by Assaf in (a)?  This should tell you exactly what is and is not being matched as Apache processes requests through those directives.

--nate

>
> Sincerely,
> Harris Shapiro
> Genomic Health, Inc.
>
>
>
>
> Extract from Apache configuration file:
> Note: I've also tried a variant where I replaced REMOTE_USER with AUTHENTICATE_SAMACCOUNTNAME in the various RewriteCond & RequestHeader directives.  That variant produced the same error message.
>
> <Proxy http://localhost:8080>
>         Order deny,allow
>         Allow from all
> </Proxy>
>
> RewriteEngine on
>
> <Location "/">
>         AuthType Basic
>         AuthName "Please log in with your Windows account"
>         AuthBasicProvider ldap
>         AuthLDAPURL [Verified LDAP connection information]
>         AuthzLDAPAuthoritative off
>         AuthLDAPBindDN [Verified DN]
>         AuthLDAPBindPassword [Verified password]
>         Require valid-user
>        RewriteCond %{IS_SUBREQ} ^false$
>        RewriteCond %{LA-U:REMOTE_USER} (.+)
>        RewriteRule . - [E=RU:%1]
>        RequestHeader set REMOTE_USER %{RU}e
> </Location>
>
>
> RewriteRule ^/static/style/(.*) /home/hshapiro/software/galaxy/galaxy-dist/static/june_2007_style/blue/$1 [L]
> RewriteRule ^/static/scripts/(.*) /home/hshapiro/software/galaxy/galaxy-dist/static/scripts/packed/$1 [L]
> RewriteRule ^/static/(.*) /home/hshapiro/software/galaxy/galaxy-dist/static/$1 [L]
> RewriteRule ^/favicon.ico /home/hshapiro/software/galaxy/galaxy-dist/static/favicon.ico [L]
> RewriteRule ^/robots.txt /home/hshapiro/software/galaxy/galaxy-dist/static/robots.txt [L]
> RewriteRule ^(.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P]
>
>
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>
>  http://lists.bx.psu.edu/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/
| Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Active Directory/LDAP authentication

cjav
In reply to this post by Harris Shapiro
Hi Harris,

I can't pin-point your issue exactly, to be honest I don't quite
remember how I got to this working configuration. Still please take a
look at this configuration as I'm using it in almost exactly the same
enviroment, Centos 6/Apache 2.2.15/Active Directory...

<VirtualHost *:80>
    ServerAdmin admin@local
    ServerName galaxy.local:80

    <Proxy http://localhost:8080>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteEngine on
    <Location "/">
        AuthName "Galaxy BFX"
        AuthType Basic
        AuthBasicAuthoritative off
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthLDAPURL [LDAP_URL]
        AuthLDAPBindDN [DN]
        AuthLDAPBindPassword [PW]
        Require valid-user
        # Set the REMOTE_USER header to the contents of the LDAP query
response's "uid" attribute
        RequestHeader set REMOTE_USER %{AUTHENTICATE_sAMAccountName}e

        XSendFile on
        XSendFilePath /
    </Location>
    RewriteRule ^/static/style/(.*)
/local/opt/galaxy/galaxy-dist/static/june_2007_style/blue/$1 [L]
    RewriteRule ^/static/scripts/(.*)
/local/opt/galaxy/galaxy-dist/static/scripts/packed/$1 [L]
    RewriteRule ^/static/(.*) /local/opt/galaxy/galaxy-dist/static/$1 [L]
    RewriteRule ^/favicon.ico
/local/opt/galaxy/galaxy-dist/static/favicon.ico [L]
    RewriteRule ^/robots.txt /local/opt/galaxy/galaxy-dist/static/robots.txt [L]
    RewriteRule ^(.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P]

    ErrorLog logs/galaxy.local-error_log
    CustomLog logs/galaxy.local-access_log common
</VirtualHost>

Cheers,
Carlos

On Mon, Nov 19, 2012 at 12:49 PM, Harris Shapiro <[hidden email]> wrote:

> Hello,
>
> I'm writing because I've been trying for the past few days to configure
> Galaxy to use Apache-based LDAP authentication, but have reached a point
> where I'm basically stuck.  The system in a virtual machine running:
>
> - CentOS 5.8
> - Apache 2.2.3
>
> I'm trying to configure a Galaxy instance at "localhost:8080", with Active
> Directory authentication.
>
> I started with the admin page documentation:
>
> http://wiki.galaxyproject.org/Admin/Config/Apache%20Proxy
>
> and also worked through the troubleshooting examples found at:
>
> a)
> http://user.list.galaxyproject.org/Galaxy-Apache-External-Authentication-tt4131493.html#a4131495
> b)
> http://gmod.827538.n3.nabble.com/galaxy-dev-ldap-integration-td839409.html
> c) http://lists.bx.psu.edu/pipermail/galaxy-dev/2010-January/001676.html
>
> Following the debugging steps suggested by URL (a), I'm able to verify that:
>
> 1) The authentication clause I have works, without rewrite rules and without
> a proxy.
> 2) Without rewrite rules and a proxy, the Apache environment has the
> AUTHENTICATE_SAMACCOUNTNAME and REMOTE_USER environment variables set.
>
> Unfortunately, when I turn on the proxy (setting "use_remote_user" and
> "remote_user_maildomain" in universe_wsgi.ini accordingly), I get the
> following error message when I try accessing the "localhost:8080" URL, the
> following error message appears:
>
> "Access to Galaxy is denied
>
> Galaxy is configured to authenticate users via an external method (such as
> HTTP authentication in Apache), but a username was not provided by the
> upstream (proxy) server. This is generally due to a misconfiguration in the
> upstream server.
>
> Please contact your local Galaxy administrator."
>
> As suggested by URLs (a) and (c), I modified
> ./lib/galaxy/web/framework/middleware/remoteuser.py to print the environment
> seen by that script.  None of the remote user information seems to be making
> to the script, either from AUTHENTICATE_SAMACCOUNTNAME or REMOTE_USER, no
> matter which of the suggested combinations of "RewriteCond", "RewriteRule",
> and "RequestHeader" options I tried.  In addition, the troubleshooting
> suggestions to force a REMOTE_USER value to be set via a directive like:
>
> RequestHeader add REMOTE_USER [user name]
>
> also failed to pass REMOTE_USER to the remoteuser.py script.
>
> I've included below an extract from the Apache configuration file that I've
> been trying.  Any advice or assistance that people might be able to provide
> would be greatly appreciated, and please let me know if you'd need any
> additional information from me.
>
> Sincerely,
> Harris Shapiro
> Genomic Health, Inc.
>
>
>
>
> Extract from Apache configuration file:
> Note: I've also tried a variant where I replaced REMOTE_USER with
> AUTHENTICATE_SAMACCOUNTNAME in the various RewriteCond & RequestHeader
> directives.  That variant produced the same error message.
>
> <Proxy http://localhost:8080>
>         Order deny,allow
>         Allow from all
> </Proxy>
>
> RewriteEngine on
>
> <Location "/">
>         AuthType Basic
>         AuthName "Please log in with your Windows account"
>         AuthBasicProvider ldap
>         AuthLDAPURL [Verified LDAP connection information]
>         AuthzLDAPAuthoritative off
>         AuthLDAPBindDN [Verified DN]
>         AuthLDAPBindPassword [Verified password]
>         Require valid-user
>        RewriteCond %{IS_SUBREQ} ^false$
>        RewriteCond %{LA-U:REMOTE_USER} (.+)
>        RewriteRule . - [E=RU:%1]
>        RequestHeader set REMOTE_USER %{RU}e
> </Location>
>
>
> RewriteRule ^/static/style/(.*)
> /home/hshapiro/software/galaxy/galaxy-dist/static/june_2007_style/blue/$1
> [L]
> RewriteRule ^/static/scripts/(.*)
> /home/hshapiro/software/galaxy/galaxy-dist/static/scripts/packed/$1 [L]
> RewriteRule ^/static/(.*)
> /home/hshapiro/software/galaxy/galaxy-dist/static/$1 [L]
> RewriteRule ^/favicon.ico
> /home/hshapiro/software/galaxy/galaxy-dist/static/favicon.ico [L]
> RewriteRule ^/robots.txt
> /home/hshapiro/software/galaxy/galaxy-dist/static/robots.txt [L]
> RewriteRule ^(.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P]
>
>
>
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>
>   http://lists.bx.psu.edu/
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/
| Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Active Directory/LDAP authentication

Harris Shapiro
Hello,

Thanks to everyone for the feedback and suggestions. I was eventually
able to puzzle out what was going awry. The remaining issues turned out
to be:

1) When proxying was enabled, to trigger an authentication request with
the default Galaxy set-up, I needed to use the “localhost” URL, instead
of “localhost:8080”. I guess I might have missed the documentation for
this...

2) Overly aggressive “Security-Enhanced Linux” settings, which were
silently blocking some of the needed HTTP communication. I never did
find any log messages for this; I just guessed it might be an issue and
turned it off. Everything then happily started working...

Anyway, thanks again for the responses and example configuration.

Harris



On 11/27/12 12:08 PM, Carlos Borroto wrote:

> Hi Harris,
>
> I can't pin-point your issue exactly, to be honest I don't quite
> remember how I got to this working configuration. Still please take a
> look at this configuration as I'm using it in almost exactly the same
> enviroment, Centos 6/Apache 2.2.15/Active Directory...
>
> <VirtualHost *:80>
>      ServerAdmin admin@local
>      ServerName galaxy.local:80
>
>      <Proxy http://localhost:8080>
>          Order deny,allow
>          Allow from all
>      </Proxy>
>      RewriteEngine on
>      <Location "/">
>          AuthName "Galaxy BFX"
>          AuthType Basic
>          AuthBasicAuthoritative off
>          AuthBasicProvider ldap
>          AuthzLDAPAuthoritative off
>          AuthLDAPURL [LDAP_URL]
>          AuthLDAPBindDN [DN]
>          AuthLDAPBindPassword [PW]
>          Require valid-user
>          # Set the REMOTE_USER header to the contents of the LDAP query
> response's "uid" attribute
>          RequestHeader set REMOTE_USER %{AUTHENTICATE_sAMAccountName}e
>
>          XSendFile on
>          XSendFilePath /
>      </Location>
>      RewriteRule ^/static/style/(.*)
> /local/opt/galaxy/galaxy-dist/static/june_2007_style/blue/$1 [L]
>      RewriteRule ^/static/scripts/(.*)
> /local/opt/galaxy/galaxy-dist/static/scripts/packed/$1 [L]
>      RewriteRule ^/static/(.*) /local/opt/galaxy/galaxy-dist/static/$1 [L]
>      RewriteRule ^/favicon.ico
> /local/opt/galaxy/galaxy-dist/static/favicon.ico [L]
>      RewriteRule ^/robots.txt /local/opt/galaxy/galaxy-dist/static/robots.txt [L]
>      RewriteRule ^(.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P]
>
>      ErrorLog logs/galaxy.local-error_log
>      CustomLog logs/galaxy.local-access_log common
> </VirtualHost>
>
> Cheers,
> Carlos
>
> On Mon, Nov 19, 2012 at 12:49 PM, Harris Shapiro <[hidden email]> wrote:
>> Hello,
>>
>> I'm writing because I've been trying for the past few days to configure
>> Galaxy to use Apache-based LDAP authentication, but have reached a point
>> where I'm basically stuck.  The system in a virtual machine running:
>>
>> - CentOS 5.8
>> - Apache 2.2.3
>>
>> I'm trying to configure a Galaxy instance at "localhost:8080", with Active
>> Directory authentication.
>>
>> I started with the admin page documentation:
>>
>> http://wiki.galaxyproject.org/Admin/Config/Apache%20Proxy
>>
>> and also worked through the troubleshooting examples found at:
>>
>> a)
>> http://user.list.galaxyproject.org/Galaxy-Apache-External-Authentication-tt4131493.html#a4131495
>> b)
>> http://gmod.827538.n3.nabble.com/galaxy-dev-ldap-integration-td839409.html
>> c) http://lists.bx.psu.edu/pipermail/galaxy-dev/2010-January/001676.html
>>
>> Following the debugging steps suggested by URL (a), I'm able to verify that:
>>
>> 1) The authentication clause I have works, without rewrite rules and without
>> a proxy.
>> 2) Without rewrite rules and a proxy, the Apache environment has the
>> AUTHENTICATE_SAMACCOUNTNAME and REMOTE_USER environment variables set.
>>
>> Unfortunately, when I turn on the proxy (setting "use_remote_user" and
>> "remote_user_maildomain" in universe_wsgi.ini accordingly), I get the
>> following error message when I try accessing the "localhost:8080" URL, the
>> following error message appears:
>>
>> "Access to Galaxy is denied
>>
>> Galaxy is configured to authenticate users via an external method (such as
>> HTTP authentication in Apache), but a username was not provided by the
>> upstream (proxy) server. This is generally due to a misconfiguration in the
>> upstream server.
>>
>> Please contact your local Galaxy administrator."
>>
>> As suggested by URLs (a) and (c), I modified
>> ./lib/galaxy/web/framework/middleware/remoteuser.py to print the environment
>> seen by that script.  None of the remote user information seems to be making
>> to the script, either from AUTHENTICATE_SAMACCOUNTNAME or REMOTE_USER, no
>> matter which of the suggested combinations of "RewriteCond", "RewriteRule",
>> and "RequestHeader" options I tried.  In addition, the troubleshooting
>> suggestions to force a REMOTE_USER value to be set via a directive like:
>>
>> RequestHeader add REMOTE_USER [user name]
>>
>> also failed to pass REMOTE_USER to the remoteuser.py script.
>>
>> I've included below an extract from the Apache configuration file that I've
>> been trying.  Any advice or assistance that people might be able to provide
>> would be greatly appreciated, and please let me know if you'd need any
>> additional information from me.
>>
>> Sincerely,
>> Harris Shapiro
>> Genomic Health, Inc.
>>
>>
>>
>>
>> Extract from Apache configuration file:
>> Note: I've also tried a variant where I replaced REMOTE_USER with
>> AUTHENTICATE_SAMACCOUNTNAME in the various RewriteCond & RequestHeader
>> directives.  That variant produced the same error message.
>>
>> <Proxy http://localhost:8080>
>>          Order deny,allow
>>          Allow from all
>> </Proxy>
>>
>> RewriteEngine on
>>
>> <Location "/">
>>          AuthType Basic
>>          AuthName "Please log in with your Windows account"
>>          AuthBasicProvider ldap
>>          AuthLDAPURL [Verified LDAP connection information]
>>          AuthzLDAPAuthoritative off
>>          AuthLDAPBindDN [Verified DN]
>>          AuthLDAPBindPassword [Verified password]
>>          Require valid-user
>>         RewriteCond %{IS_SUBREQ} ^false$
>>         RewriteCond %{LA-U:REMOTE_USER} (.+)
>>         RewriteRule . - [E=RU:%1]
>>         RequestHeader set REMOTE_USER %{RU}e
>> </Location>
>>
>>
>> RewriteRule ^/static/style/(.*)
>> /home/hshapiro/software/galaxy/galaxy-dist/static/june_2007_style/blue/$1
>> [L]
>> RewriteRule ^/static/scripts/(.*)
>> /home/hshapiro/software/galaxy/galaxy-dist/static/scripts/packed/$1 [L]
>> RewriteRule ^/static/(.*)
>> /home/hshapiro/software/galaxy/galaxy-dist/static/$1 [L]
>> RewriteRule ^/favicon.ico
>> /home/hshapiro/software/galaxy/galaxy-dist/static/favicon.ico [L]
>> RewriteRule ^/robots.txt
>> /home/hshapiro/software/galaxy/galaxy-dist/static/robots.txt [L]
>> RewriteRule ^(.*) <a href="http://localhost:8080$1">http://localhost:8080$1 [P]
>>
>>
>>
>>
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>
>>    http://lists.bx.psu.edu/

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/
| Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Problem with Active Directory/LDAP authentication

Paul Boddie
On 28/11/12 06:12, Harris Shapiro wrote:
> 2) Overly aggressive “Security-Enhanced Linux” settings, which were
> silently blocking some of the needed HTTP communication. I never did
> find any log messages for this; I just guessed it might be an issue
> and turned it off. Everything then happily started working...

Take a look at the following page for some help around Apache and SELinux:

http://selinuxproject.org/page/ApacheRecipes

Paul
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

  http://lists.bx.psu.edu/
Loading...