-#
-# mod_vhost_ldap allows you to keep your virtual host configuration
-# in an LDAP directory and update it in nearly realtime.
-#
-
-### NOTE ###
### mod_vhost_ldap depends on mod_ldap ###
### you have to enable mod_ldap as well ###
+### and probably set various cache options for it ###
+
+###scope values: base, one, sub
+###deref values: never, finding, searching, always
+###remember, user specified filter is checked as RFC-defined ldap filter before substitution
+###user filter specified here results with following internal filters and variables:
+### _A_ is the server name from the request (vhost server name to find)
+### _B_ is the uri for which access control is to be determined
+### _C_ is the name of the require valid-user directive (auth prompt message)
+### _D_ is the the user-defined filter
+### _E_ is the protected physical directory (doesn't need to be existing file or dir)
+### _F_ is the alias location uri
+### _G_ is the protected uri for which access control is to be determined (see _E_)
+### _H_ is the alias uri which is to be aliased to specified directory
+### Each use of search filter is logged with debug level
+
+#####################################################################
+### Vhost search
+### (&(_D_)(|(apacheServerName=_A_)(apacheServerAlias=_A_)))
+#####################################################################
+### Protected Location Search
+### (&(_D_)(apacheExtConfigServerName=_A_)(apacheExtConfigUri=_B_))
+#####################################################################
+### Protected Directory Search
+### (&(_D_)(apacheExtConfigPath=_E_))
+#####################################################################
+### Alias Object Search
+### (&(_D_)(apacheAliasConfigServerName=_A_)(apacheAliasConfigSourceUri=_H_))
+#####################################################################
+### Web user Location Search
+### (&(_D_)(objectClass=apacheExtendedConfigUserObject)(apacheExtConfigUserServerName=_A_)(apacheExtConfigUserLocationUri=_G_))
+#####################################################################
+### Web user Directory Search
+### (&(_D_)(objectClass=apacheExtendedConfigUserObject)(apacheExtConfigUserDirectoryName=_E_))
+##################################
+
+### ldap[si]://host[:port]/basedn[?attrib[?scope[?filter]]]
+
+ VhostLdapEnabled On
+ VhostLdapUrl ldap[si]://host[:port]/basedn[?attrib[?scope[?filter]]]
+ #VhostLdapUrl ldap://hostname:389/dc=foo,dc=bar?*?sub?objectClass=activeObject
+ VhostLdapBindDn "cn=read only apache admin,dc=foo,dc=bar"
+ VhostLdapBindPw "secretpassword"
+ VhostLdapWlcBaseDn "ou=webAccess,dc=foo,dc=bar"
+ VhostLdapWucBaseDn "ou=webAccounts,dc=foo,dc=bar"
+ VhostLdapAliasesBaseDn "ou=webAliases,dc=foo,dc=bar"
+ VhostLdapDeref "never"
+ VhostLdapFallback default
+ VhostAliasesEnabled On
+ VhostLocAuthEnabled On
+ VhostDirAuthEnabled On
-LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
-<IfModule mod_vhost_ldap.c>
- VhostLDAPEnabled on
- VhostLDAPUrl "ldap://127.0.0.1/ou=vhosts,ou=web,dc=localhost"
- VhostLdapBindDN "cn=admin,dc=localhost"
- VhostLDAPBindPassword "changeme"
-</IfModule>