mod-vhost-ldap is an Apache 2.x module for storing and configuring virtual hosts from LDAP. It supports DocumentRoot, ScriptAlias, ServerName, ServerAlias, ServerAdmin, and SuexecUserGroup directives. It's built on top of mod_ldap, so it uses its caching capabilities and can be used with a threaded Apache httpd.
There are several moderately critical bugs in mod_ldap in 2.0.54. If you want to use this module in production you should be aware of:
You can download the latest release.
Source code is stored in Git. A read-only Git repository can be found at:
An optional DN used to bind to the server when searching for entries. If not provided, mod_vhost_ldap will use an anonymous bind.
A bind password to use in conjunction with the bind DN. Note that the bind password is probably sensitive data, and should be properly protected. You should only use the VhostLDAPBindDN and VhostLDAPBindPassword if you absolutely need them to search the directory.
This directive specifies when mod_vhost_ldap will de-reference aliases during LDAP operations. The default is always.
Set this to the default virtual host, which is used when the requested virtual host is not found by mod_vhost_ldap in the LDAP database.
An RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is
For regular LDAP, use the string ldap. For secure LDAP, use ldaps instead. Secure LDAP is only available if Apache was linked to an LDAP library with SSL support.
The name/port of the LDAP server (defaults to
ldaps). To specify multiple, redundant LDAP servers, just list all servers, separated by spaces. mod_vhost_ldap will try connecting to each server in turn, until it makes a
Once a connection has been made to a server, that connection remains active for the life of the
or until the LDAP server goes down.
If the LDAP server goes down and breaks an existing connection, mod_vhost_ldap will attempt to re-connect, starting with the primary server, and trying each redundant server in turn. Note that this is different than a true round-robin search.
The DN of the branch of the directory where all searches should start from. At the very least, this must be the top of your directory tree, but could also specify a subtree in the directory.
The attribute to search for. Don't change the search attributes in mod_vhost_ldap or you will break the module.
The scope of the search. Can be either
sub. Note that a scope of
also supported by RFC 2255, but is not supported by this module. If the scope is not provided, or if
scope is specified, the default is to use a scope of
A valid LDAP search filter. If not provided, defaults to
are limited to approximately 8000 characters (the definition of MAX_STRING_LEN in the Apache source code). This should be more than sufficient for any application. Don't change the filter unless you know what you are doing.
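As an added example (not code from the mod_vhost_ldap project), this Python function splits an RFC 2255 URL into the parts described above and flags the cautions this page gives: a bind password used without ldaps, a changed search attribute, and a custom or over-long filter. The function name, the sample hostnames and the reading of the unsupported scope as RFC 2255's `base` are assumptions.

```python
import re
from urllib.parse import unquote

FILTER_LIMIT = 8000                      # approximate limit quoted on this page
RFC2255_SCOPES = {"base", "one", "sub"}  # scope names defined by RFC 2255

def lint_vhost_ldap_url(url, bind_password_set=False):
    """Parse an RFC 2255 URL and return (fields, warnings)."""
    m = re.match(r"^(ldaps?)://([^/?]*)(?:/([^?]*))?(?:\?(.*))?$", url.strip(), re.I)
    if not m:
        raise ValueError("expected ldap://... or ldaps://...")
    scheme = m.group(1).lower()
    hosts = unquote(m.group(2)).split()          # redundant servers, space separated
    basedn = unquote(m.group(3) or "")
    parts = (m.group(4) or "").split("?") + ["", "", ""]
    attribute, scope, ldap_filter = (unquote(p) for p in parts[:3])
    scope = scope.lower()
    warnings = []
    if scheme == "ldap" and bind_password_set:
        warnings.append("bind password is used over ldap://, not ldaps://")
    if not basedn:
        warnings.append("no base DN: searches need a starting branch")
    if attribute:
        warnings.append("search attribute overridden: the page says this breaks the module")
    if scope and scope not in RFC2255_SCOPES:
        raise ValueError("unknown scope %r" % scope)
    if scope == "base":                          # assumption, see lead-in
        warnings.append("scope 'base' is not supported by the module")
    if ldap_filter:
        warnings.append("custom filter set: verify it still matches vhost entries")
    if len(ldap_filter) > FILTER_LIMIT:
        warnings.append("filter exceeds ~%d characters" % FILTER_LIMIT)
    fields = {"scheme": scheme, "hosts": hosts, "basedn": basedn,
              "attribute": attribute, "scope": scope, "filter": ldap_filter}
    return fields, warnings

if __name__ == "__main__":
    # Constructed sample value, not taken from any real deployment.
    sample = "ldap://ldap1.example.com ldap2.example.com/ou=vhosts,dc=example,dc=com??base"
    fields, warnings = lint_vhost_ldap_url(sample, bind_password_set=True)
    print(fields)
    for w in warnings:
        print("WARN:", w)
```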
Set to off to disable mod_vhost_ldap in certain virtual hosts. This is useful if you have mod_vhost_ldap enabled at or near the top of your tree, but want to disable it completely in certain virtual hosts.
NOTE: Due to the method Apache uses to choose a virtual host (ServerName and ServerAlias), only the first virtual host for a particular IP address will be used by Apache.
Version 0.2.x development was funded by ACTIVE 24 as a part of a global European webhosting project.