mod-vhost-ldap is an Apache 2.x module for storing and configuring virtual hosts from LDAP. It supports DocumentRoot, ScriptAlias, ServerName, ServerAlias, ServerAdmin, and SuexecUserGroup directives. It's built on top of mod_ldap, so it uses its caching capabilities and can be used with a threaded Apache httpd.
There are several moderately critical bugs in mod_ldap in 2.0.54. If you want to use this module in production you should be aware of:
You can download the latest release.
The source code is stored in Git. A read-only Git repository can be found at:
git://git.debian.org/git/modvhostldap/modvhostldap/
The Git browser is located at:
http://git.debian.org/?p=modvhostldap/modvhostldap.git
An optional DN used to bind to the server when searching for entries. If not provided, mod_vhost_ldap will use an anonymous bind.
A bind password to use in conjunction with the bind DN. Note that the bind password is probably sensitive data, and should be properly protected. You should only use the VhostLDAPBindDN and VhostLDAPBindPassword if you absolutely need them to search the directory.
This directive specifies when mod_vhost_ldap will de-reference aliases during LDAP operations. The default is always.
Set to the default virtual host, which will be used when the requested virtual host is not found by mod_vhost_ldap in the LDAP database.
An RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is
ldap://host:port/basedn?attribute?scope?filter
For regular ldap, use the string ldap. For secure
LDAP, use ldaps instead. Secure LDAP is only available
if Apache was linked to an LDAP library with SSL support.
The name/port of the ldap server (defaults to
localhost:389 for ldap, and
localhost:636 for ldaps). To specify
multiple, redundant LDAP servers, just list all servers,
separated by spaces. mod_vhost_ldap will
try connecting to each server in turn, until it makes a
successful connection.
Once a connection has been made to a server, that connection
remains active for the life of the httpd process,
or until the LDAP server goes down.
If the LDAP server goes down and breaks an existing connection, mod_vhost_ldap will attempt to re-connect, starting with the primary server, and trying each redundant server in turn. Note that this is different than a true round-robin search.
The DN of the branch of the directory where all searches should start from. At the very least, this must be the top of your directory tree, but could also specify a subtree in the directory.
The attribute to search for. Don't change the search attributes in mod_vhost_ldap or you will break the module.
The scope of the search. Can be either one or
sub. Note that a scope of base is
also supported by RFC 2255, but is not supported by this
module. If the scope is not provided, or if base
scope is specified, the default is to use a scope of
sub.
A valid LDAP search filter. If not provided, defaults to
(|(apacheServername=vhost)(apacheServerAlias=vhost)). Filters
are limited to approximately 8000 characters (the definition of
MAX_STRING_LEN in the Apache source code). This
should be more than sufficient for any application. Don't change
the filter unless you know what you are doing.
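The URL rules described above, written out as a small parser and configuration check. This is an added example, not code from mod_vhost_ldap: the function names, the loopback exemption and the sample URLs in the usage are constructed for illustration.

```python
from urllib.parse import unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
DEFAULT_FILTER = "(|(apacheServername=vhost)(apacheServerAlias=vhost))"
MAX_FILTER_LEN = 8000  # approximate limit stated in the documentation
LOCAL_HOSTS = {"localhost", "127.0.0.1"}


def parse_vhost_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter and apply defaults."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("scheme must be ldap or ldaps")
    hostpart, _, tail = rest.partition("/")
    # Pad so that omitted trailing fields come back as empty strings.
    basedn, attribute, scope, filt = (tail.split("?", 3) + [""] * 3)[:4]
    servers = []
    # Redundant servers are space separated; IPv6 literals are not handled here.
    for entry in unquote(hostpart).split() or ["localhost"]:
        host, _, port = entry.partition(":")
        servers.append((host or "localhost", int(port or DEFAULT_PORTS[scheme])))
    filt = unquote(filt) or DEFAULT_FILTER
    if len(filt) > MAX_FILTER_LEN:
        raise ValueError("filter exceeds the documented length limit")
    return {
        "scheme": scheme,
        "servers": servers,
        "basedn": unquote(basedn),
        "attribute": attribute,
        "requested_scope": scope,
        # Only one and sub are honoured; anything else, including base, means sub.
        "scope": scope if scope in ("one", "sub") else "sub",
        "filter": filt,
    }


def audit(url, bind_password=None):
    """Return review findings for a search URL and optional bind password."""
    cfg = parse_vhost_ldap_url(url)
    findings = []
    # Assumption: loopback servers are exempt from the cleartext finding.
    remote = [h for h, _ in cfg["servers"] if h not in LOCAL_HOSTS]
    if bind_password and cfg["scheme"] == "ldap" and remote:
        findings.append("bind password used with ldap:// to %s; prefer ldaps" % ", ".join(remote))
    if cfg["requested_scope"] == "base":
        findings.append("base scope is not supported; the search runs with sub")
    if cfg["filter"] != DEFAULT_FILTER:
        findings.append("non-default search filter; review it")
    return findings
```

Calling audit() with a two-server ldap:// URL, a base scope and a bind password returns two findings; the same directory reached over ldaps:// with scope one returns none.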
Set to off to disable mod_vhost_ldap in certain virtual hosts. This is useful if you have mod_vhost_ldap enabled at or near the top of your tree, but want to disable it completely in certain virtual hosts.
NOTE: Due to the method Apache uses to choose a virtual host (ServerName and ServerAlias), only the first virtual host for a particular IP address will be used by Apache.
Version 0.2.x development was funded by ACTIVE 24 as a part of a global European webhosting project.
Version 2.0.0 development was kindly sponsored by Advantage Interactive for their webhosting brand LCN.