Configuring Apache dynamic virtualhosts with LDAP and mod_vhost_ldap_ng

This post describes a dynamic virtualhosting environment built with Apache 2.2, OpenLDAP, suEXEC, FastCGI and mod_vhost_ldap_ng on Debian lenny.


Start by downloading and installing mod_vhost_ldap_ng:

git clone git://

This will create the directory mod_vhost_ldap_ng.


To compile and install the module, go inside that directory and type:

sudo make install

To build with mod_php support (for open_basedir and include_path), configure with the following option (be sure mod_php is loaded into Apache!):

./configure --enable-php

PHP support enables:

  • phpIncludePath: in both config files and LDAP attribute;
  • phpOpenBasedir: LDAP attribute.

If phpOpenBasedir isn’t set in LDAP, mod_vhost_ldap_ng will set PHP open_basedir to apacheDocumentRoot!


The tarball contains template configuration files (vhost_ldap_ng.conf.dist and vhost_ldap_ng.load.dist). Copy them to /etc/apache2/mods-available/, renaming them to .conf and .load.

Enable the module with:

a2enmod vhost_ldap_ng

Now edit /etc/apache2/mods-available/vhost_ldap_ng.conf :

VhostLDAPUrl  "ldap://"
VhostLdapBindDN "cn=admin,dc=ardeek,dc=com"
VhostLDAPBindPassword "secret"
VhostLDAPRootDir "/var/www/"

VhostLDAPUrl is a classic LDAP URI; don’t specify any “attribute” or the module may not work correctly.
VhostLDAPRootDir allows us to specify a root directory for our virtualhosts, which is applied to all relative paths found in the configuration. For example:

apacheScriptAlias /cgi-bin/ test/cgi-bin/

works like:

apacheScriptAlias /cgi-bin/ /var/www/test/cgi-bin/

Once the module is configured, we have to skip the LDAP configuration for file-based virtualhosts this way:

VhostLDAPEnabled off

The module needs a default virtualhost configured in Apache. On Debian just leave sites-enabled/default untouched, or configure one like this:

        ServerName localhost
        DocumentRoot /var/www-localhost

Once everything is configured, restart Apache.

LDAP Server configuration

Now we have to configure OpenLDAP to support the apacheConfig LDAP schema.
Copy mod_vhost_ldap_ng.schema from the sources directory to /etc/ldap/schema/ and edit slapd.conf, adding the following line at the BEGINNING:

include         /etc/ldap/schema/mod_vhost_ldap.schema

Search for keyword ‘index’ in slapd.conf and add:

index           apacheServerName,apacheServerAlias eq

Run slapindex as the ldap user to rebuild the OpenLDAP indexes:

slapindex -f /etc/ldap/slapd.conf

The following is an example vhost configuration in LDIF format:

objectClass: dcObject
objectClass: top
objectClass: apacheConfig
structuralObjectClass: apacheConfig
creatorsName: cn=admin,dc=example,dc=com
apacheVhostEnabled: yes
apacheSuexecGid: users
apacheSuexecUid: user1
apacheAlias: asdasd
apacheScriptAlias: /cgi-bin/

Have a look at apacheScriptAlias: this permits a dynamic FastCGI configuration with mod_actions and mod_alias as described here
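
An added example, not part of mod_vhost_ldap_ng or of the original post: a small Python audit that computes the effective paths of one vhost entry from the two rules described above (relative paths are taken under VhostLDAPRootDir, and open_basedir falls back to apacheDocumentRoot when phpOpenBasedir is unset). The sample entry, the function names and the warnings about paths leaving the root directory or a missing suexec identity are assumptions added for illustration, not checks the module performs.

```python
import posixpath

ROOT_DIR = "/var/www/"  # VhostLDAPRootDir value from the configuration above

# Constructed sample entry for illustration; attribute names are the page's.
SAMPLE_LDIF = """\
apacheServerName: test.example.com
apacheDocumentRoot: test/htdocs
apacheScriptAlias: /cgi-bin/ test/cgi-bin/
apacheSuexecUid: user1
apacheSuexecGid: users
"""

def parse_entry(ldif):
    """Parse plain 'attr: value' lines of one entry into {attr: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        if ":" in line and not line.startswith(("#", " ")):
            attr, value = line.split(":", 1)
            entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def resolve(path, root=ROOT_DIR):
    """Relative paths go under the root dir; absolute ones are kept (normalised)."""
    return posixpath.normpath(posixpath.join(root, path))

def effective_settings(entry, root=ROOT_DIR):
    """Return (paths, open_basedir, warnings) for one parsed vhost entry."""
    paths, warnings = {}, []
    for value in entry.get("apacheDocumentRoot", [])[:1]:
        paths["DocumentRoot"] = resolve(value, root)
    for value in entry.get("apacheScriptAlias", []):
        parts = value.split(None, 1)
        if len(parts) == 2:
            paths["ScriptAlias " + parts[0]] = resolve(parts[1], root)
        else:
            warnings.append("apacheScriptAlias without a target: " + value)
    # Page rule: open_basedir falls back to apacheDocumentRoot if phpOpenBasedir is unset.
    open_basedir = entry.get("phpOpenBasedir", [paths.get("DocumentRoot")])[0]
    base = posixpath.normpath(root)
    for name, path in paths.items():
        # Added audit rule (assumption): hosting paths should stay under the root dir.
        if posixpath.commonpath([base, path]) != base:
            warnings.append(f"{name} resolves outside {base}: {path}")
    if "apacheDocumentRoot" not in entry:
        warnings.append("missing apacheDocumentRoot")
    if not (entry.get("apacheSuexecUid") and entry.get("apacheSuexecGid")):
        warnings.append("missing apacheSuexecUid/apacheSuexecGid")
    return paths, open_basedir, warnings
```

Running it over an export of the vhost subtree before reloading Apache shows which document root and open_basedir each customer will actually get, and lists entries that need a second look.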


3 Replies to “Configuring Apache dynamic virtualhosts with LDAP and mod_vhost_ldap_ng”

  1. Is there any chance of adding configurations like

    AllowOverride All


    php_admin_value open_basedir “”
    php_admin_value upload_tmp_dir “”
    php_admin_value session.save_path “”
    php_admin_value sendmail_from “”
    php_admin_value sendmail_path “”

    1. You can already set openbase in config. About other PHP parameters: I didn’t have much time to develop new functions, anyway… everything is possible :P
