[Zope] Help with Apache and Plone & Zope Intranet configurations

Daniel Berhane dberhane at bmj.com
Mon Nov 28 10:31:20 EST 2005


We are in the process of setting up access control for our new Intranet,
which is a Plone and Zope application running on port 8080. The access
control should allow all our company users within the Firewall read
access to the Intranet server without login. Outside the Firewall, all
users have to authenticate to have read access.

We are using the Apache modules mod_auth_ldap for access control and
mod_rewrite to map the URL into a shorter, friendly domain name with
the standard http port 80. The mod_auth_ldap configuration and
mod_rewrite configuration work well separately but create problems when
we try to put them together. The main problem we have is that the
authentication directives work only under the context of "directory" and,
because the Plone & Zope is a separate application server running under
a different port, the mod_rewrite module cannot be run under the
context of "directory". Please have a look at the current Apache
configuration below. The mod_rewrite part works OK but no
authentication happens. There may be another solution to the problem and
I would be grateful to hear your comments and suggestions. I know the
information I've given you may not be detailed enough, but I will be
happy to discuss it with you if you need more details ...


<VirtualHost *:80>

ServerName intranet.mycompany.com
RewriteEngine On
RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/intranet.mycompany.com:80/Plone/VirtualHostRoot/$1 [L,P]

<Directory />

order deny,allow
deny from all
allow from 172.24

AuthType Basic
AuthName "Company Intranet"
LDAP_Debug On
LDAP_Server ldap.company.com
LDAP_Connect_Timeout 1000
Base_DN "o=company"
require valid-user
Satisfy any
</Directory>
</VirtualHost>



thanks,
Daniel.


