Here we are going to describe a dynamic virtualhosting environment working with Apache 2.2, OpenLDAP, Suexec, FastCGI and mod_vhost_ldap_ng on a debian lenny.
Download
Start with download and installing mod_vhost_ldap_ng:
git clone git://github.com/Ardeek/mod-vhost-ldap-ng.git |
this will create the directory mod_vhost_ldap_ng.
Compile
Compile and install the module go inside and type:
./configure make sudo make install |
To compile with mod_php support (for open_basedir and include_path) compile with (be sure mod_php is loaded into apache!):
./configure --enable-php make |
PHP support enables:
- phpIncludePath: in both config files and LDAP attribute;
- phpOpenBasedir: LDAP attribute.
If phpOpenBasedir isn’t set in LDAP mod_vhost_ldap_ng will set PHP open_basedir to apacheDocumentRoot!
Configure
Inside the tarball there is a template configuration (vhost_ldap_ng.conf.dist, vhost_ldap_ng.load.dist), put the configuration files in /etc/apache2/mods-available/ renaming to .conf and .load.
Enable the module with:
a2enmod vhost_ldap_ng |
Now edit /etc/apache2/mods-available/vhost_ldap_ng.conf :
VhostLDAPUrl "ldap://127.0.0.1/searchbase?attributes?scope?filter" VhostLdapBindDN "cn=admin,dc=ardeek,dc=com" VhostLDAPBindPassword "secret" VhostLDAPRootDir "/var/www/" |
LDAPUrl is a classic LDAP URI, don’t specify any “attribute” or the module may not work correctly.
VhostLDAPRootDir allow us to specify a root directory for our virtualhosts that will be applied to all relative paths found in configuration, for example:
apacheScriptAlias /cgi-bin/ test/cgi-bin/ |
works like:
apacheScriptAlias /cgi-bin/ /var/www/test/cgi-bin/ |
Once module is configured we have to skip the LDAP configuration for file virtualhosts this way:
VhostLDAPEnabled off |
IMPORTANT NOTE:
The module needs a default virtualhost configured in apache, on debian just leave sites-enabled/default untouched, or configure one like this:
ServerName localhost
DocumentRoot /var/www-localhost |
Once all is configured restart apache.
LDAP Server configuration
Now we have to configure OpenLDAP to support the apacheConfig LDAP schema:
let’s copy mod_vhost_ldap_ng.schema from sources directory to /etc/ldap/schema/ and edit slapd.conf adding the following line at the BEGINNING:
include /etc/ldap/schema/mod_vhost_ldap.schema |
Search for keyword ‘index’ in slapd.conf and add:
index apacheServerName,apacheServerAlias eq |
Run slapindex as ldap user to rebuild OpenLDAP indexes:
slapindex -f /etc/ldap/slapd.conf |
Following an example vhost configuration in LDIF format:
dn: dc=test.it,ou=domains,dc=example,dc=com objectClass: dcObject objectClass: top objectClass: apacheConfig structuralObjectClass: apacheConfig creatorsName: cn=admin,dc=example,dc=com apacheDocumentRoot: test.it/html apacheVhostEnabled: yes dc: test.it apacheServerAlias: www.test.it apacheServerName: test.it apacheSuexecGid: users apacheSuexecUid: user1 apacheAlias: asdasd test.it/html/asd.html apacheScriptAlias: /cgi-bin/ test.it/cgi-bin/ |
Have a look at apacheScriptAlias, this permit a dymanic FastCGI configuration with mod_action and mod_alias as described here
Is there any chance in adding configurations like
AllowOverride All
and
php_admin_value open_basedir “”
php_admin_value upload_tmp_dir “”
php_admin_value session.save_path “”
php_admin_value sendmail_from “”
php_admin_value sendmail_path “”
You can already set openbase in config. About other php parameters: i didn’t have much time to develop new funcions, anyway… everything is possible :P
Don’t cut price – without an equivalent exchange in value or a reduction in your costs.
The shelving would ideally be adjustable so books can be stored upright and central to the shelve, again to promote air circulation. I could have easily ordered a super-sized #5 with extra
cheesy sauce and the 5,000 empty calories that came with it during my fast-food drive-thru experience or I could get creative.