From 7f9875bb3e8210122b73b7a63644d039733d04d6 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Tue, 9 Aug 2005 12:14:30 +0000
Subject: [PATCH] initial import of mod-vhost-ldap

git-svn-id: svn://svn.debian.org/svn/modvhostldap@1 4dd36cbf-e3fd-0310-983d-db0e06859cf4
---
 AUTHORS | 1 +
 COPYING | 14 ++
 ChangeLog | 9 +
 FILES | 13 ++
 INSTALL | 10 +
 Makefile | 30 +++
 README | 6 +
 TODO | 1 +
 VERSION | 1 +
 mod_vhost_ldap.c | 519 ++++++++++++++++++++++++++++++++++++++++++
 mod_vhost_ldap.schema | 59 +++++
 vhost_ldap.conf | 15 ++
 12 files changed, 678 insertions(+)
 create mode 100644 AUTHORS
 create mode 100644 COPYING
 create mode 100644 ChangeLog
 create mode 100644 FILES
 create mode 100644 INSTALL
 create mode 100644 Makefile
 create mode 100644 README
 create mode 100644 TODO
 create mode 100644 VERSION
 create mode 100644 mod_vhost_ldap.c
 create mode 100644 mod_vhost_ldap.schema
 create mode 100644 vhost_ldap.conf

diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 0000000..17353ee
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1 @@
+Ondřej Surý
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..237707e
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,14 @@
+Copyright (c) 2005, Ondrej Sury
+All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..2359641
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,9 @@ +2005-08-02 Ondřej Surý + * Complete rewrite... + * Change apacheUsername to apacheSuexecUid and apacheSuexecGid + +2005-05-25 Ondrej Sury + * Version 0.2.0 + * Renamed to mod_vhost_ldap + * Add ScriptAlias + * Add Suexec Username support diff --git a/FILES b/FILES new file mode 100644 index 0000000..b0c070f --- /dev/null +++ b/FILES @@ -0,0 +1,13 @@ +AUTHORS +vhost_ldap.conf +ChangeLog +COPYING +INSTALL +FILES +Makefile +mod_vhost_ldap.c +mod_vhost_ldap.schema +mod_vhost_ldap.spec +README +TODO +VERSION diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..59d42e5 --- /dev/null +++ b/INSTALL @@ -0,0 +1,10 @@ +Just run "make" to build the module and "make install" (as root) to install +the module. This will use Apache's apxs to build/install from source. + +Have a look at vhost_ldap.conf to learn about configuration. + +Your LDAP server needs to include mod_vhost_ldap.schema. If you do not use +OpenLDAP you are on your own to build a schema. + +You should configure the LDAP server to maintain indices on apacheServerName, +apacheServerAlias and anything you use in your additional search filter. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..6c1dbb3 --- /dev/null +++ b/Makefile @@ -0,0 +1,30 @@ +APXS=apxs2 +VERSION=`cat VERSION` +DISTFILES=`cat FILES` + +all: mod_vhost_ldap.o + +install: + $(APXS) -i mod_vhost_ldap.la + +clean: + rm -f *.o + rm -f *.lo + rm -f *.la + rm -f *.slo + rm -rf .libs + rm -rf mod_vhost_ldap-$(VERSION) + rm -rf mod_vhost_ldap-$(VERSION).tar.gz + +mod_vhost_ldap.o: mod_vhost_ldap.c + $(APXS) -Wc,-Wall -Wc,-Werror -Wc,-g -Wc,-DDEBUG -c -lldap_r mod_vhost_ldap.c + +archive: clean + mkdir mod_vhost_ldap-$(VERSION) + cp $(DISTFILES) mod_vhost_ldap-$(VERSION) + tar czf mod_vhost_ldap-$(VERSION).tar.gz mod_vhost_ldap-$(VERSION) + +format: + indent *.c + +.PHONY: all install clean archive format diff --git a/README b/README new file mode 100644 index 0000000..88e8ed7 --- /dev/null +++ b/README 
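Review bot: The `archive` target runs `cp $(DISTFILES) mod_vhost_ldap-$(VERSION)` with DISTFILES read from FILES, and FILES lists `mod_vhost_ldap.spec`, which this commit does not add, so `make archive` fails on a fresh checkout; either add the spec file or drop it from FILES. The default `mod_vhost_ldap.o` rule also builds with `-Wc,-Werror -Wc,-g -Wc,-DDEBUG`, so any warning emitted by the installed APR or LDAP headers breaks `make` for every user of the tarball; keep `-Werror` and `-DDEBUG` for a separate developer target and ship `$(APXS) -Wc,-Wall -c -lldap_r mod_vhost_ldap.c` as the default. `VERSION=\`cat VERSION\`` re-runs the shell on every expansion; `VERSION=$(shell cat VERSION)` evaluates it once, if GNU make is acceptable.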
@@ -0,0 +1,6 @@ + mod-vhost-ldap is Apache 2.x module for storing and configuring + Virtual Hosts from LDAP. It supports DocumentRoot, ScriptAlias, + ServerName, ServerAlias, ServerAdmin and SuexecUserGroup directives. + . + It's build on top of mod_ldap, so it uses it's caching capabilities + and can be used with threaded apache. diff --git a/TODO b/TODO new file mode 100644 index 0000000..4135597 --- /dev/null +++ b/TODO @@ -0,0 +1 @@ +* Put back TLS diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..0c62199 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +0.2.1 diff --git a/mod_vhost_ldap.c b/mod_vhost_ldap.c new file mode 100644 index 0000000..c035166 --- /dev/null +++ b/mod_vhost_ldap.c 
@@ -0,0 +1,519 @@ +/* ============================================================ + * Copyright (c) 2003-2004, Ondrej Sury + * All rights reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +/* + * mod_vhost_ldap.c --- read virtual host config from LDAP directory + */ + +#include + +#include "httpd.h" +#include "http_config.h" +#include "http_core.h" +#include "http_log.h" +#include "http_request.h" +#include "apr_ldap.h" +#include "apr_strings.h" +#include "apr_reslist.h" +#include "util_ldap.h" + +#ifndef APU_HAS_LDAP +#error mod_vhost_ldap requires APR-util to have LDAP support built in +#endif + +#if !defined(WIN32) && !defined(OS2) && !defined(BEOS) && !defined(NETWARE) +#define HAVE_UNIX_SUEXEC +#endif + +#ifdef HAVE_UNIX_SUEXEC +#include "unixd.h" /* Contains the suexec_identity hook used on Unix */ +#endif + +#define MIN_UID 1000 +#define MIN_GID 1000 + +module AP_MODULE_DECLARE_DATA vhost_ldap_module; + +typedef struct mod_vhost_ldap_config_t { + apr_pool_t *pool; /* Pool that this config is allocated from */ +#if APR_HAS_THREADS + apr_thread_mutex_t *lock; /* Lock for this config */ +#endif + int enabled; /* Is vhost_ldap enabled? 
*/ + + /* These parameters are all derived from the VhostLDAPURL directive */ + char *url; /* String representation of LDAP URL */ + + char *host; /* Name of the LDAP server (or space separated list) */ + int port; /* Port of the LDAP server */ + char *basedn; /* Base DN to do all searches from */ + int scope; /* Scope of the search */ + char *filter; /* Filter to further limit the search */ + deref_options deref; /* how to handle alias dereferening */ + + char *binddn; /* DN to bind to server (can be NULL) */ + char *bindpw; /* Password to bind to server (can be NULL) */ + + int have_ldap_url; /* Set if we have found an LDAP url */ + + int secure; /* True if SSL connections are requested */ +} mod_vhost_ldap_config_t; + +typedef struct mod_vhost_ldap_request_t { + char *dn; /* The saved dn from a successful search */ + char *name; /* ServerName */ + char *admin; /* ServerAdmin */ + char *docroot; /* DocumentRoot */ + char *cgiroot; /* ScripAlias */ + char *uid; /* Suexec Uid */ + char *gid; /* Suexec Gid */ +} mod_vhost_ldap_request_t; + +char *attributes[] = + { "apacheServerName", "apacheServerAdmin", "apacheDocumentRoot", "apacheScriptAlias", "apacheSuexecUid", "apacheSuexecGid", 0 }; + +static int mod_vhost_ldap_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s) +{ + /* make sure that mod_ldap (util_ldap) is loaded */ + if (ap_find_linked_module("util_ldap.c") == NULL) { + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Module mod_ldap missing. Mod_ldap (aka. 
util_ldap) " + "must be loaded in order for mod_vhost_ldap to function properly"); + return HTTP_INTERNAL_SERVER_ERROR; + + } + + ap_add_version_component(p, "mod_vhost_ldap/0.2.1"); + + return OK; +} + +static void * +mod_vhost_ldap_create_server_config (apr_pool_t *p, server_rec *s) +{ + mod_vhost_ldap_config_t *cfg = + (mod_vhost_ldap_config_t *)apr_pcalloc(p, sizeof (mod_vhost_ldap_config_t)); + + cfg->pool = p; + +#if APR_HAS_THREADS + apr_thread_mutex_create(&cfg->lock, APR_THREAD_MUTEX_DEFAULT, p); +#endif + + cfg->enabled = 0; + cfg->have_ldap_url = 0; + cfg->url = ""; + cfg->host = NULL; + cfg->binddn = NULL; + cfg->bindpw = NULL; + cfg->deref = always; + cfg->secure = 0; + + return cfg; +} + +/* + * Use the ldap url parsing routines to break up the ldap url into + * host and port. + */ +static const char *mod_vhost_ldap_parse_url(cmd_parms *cmd, + void *dummy, + const char *url) +{ + int result; + apr_ldap_url_desc_t *urld; + + mod_vhost_ldap_config_t *cfg = + (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config, + &vhost_ldap_module); + + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, + cmd->server, "[mod_vhost_ldap.c] url parse: `%s'", + url); + + result = apr_ldap_url_parse(url, &(urld)); + if (result != LDAP_SUCCESS) { + switch (result) { + case LDAP_URL_ERR_NOTLDAP: + return "LDAP URL does not begin with ldap://"; + case LDAP_URL_ERR_NODN: + return "LDAP URL does not have a DN"; + case LDAP_URL_ERR_BADSCOPE: + return "LDAP URL has an invalid scope"; + case LDAP_URL_ERR_MEM: + return "Out of memory parsing LDAP URL"; + default: + return "Could not parse LDAP URL"; + } + } + cfg->url = apr_pstrdup(cmd->pool, url); + + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, + cmd->server, "[mod_vhost_ldap.c] url parse: Host: %s", urld->lud_host); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, + cmd->server, "[mod_vhost_ldap.c] url parse: Port: %d", urld->lud_port); + ap_log_error(APLOG_MARK, 
APLOG_DEBUG|APLOG_NOERRNO, 0, + cmd->server, "[mod_vhost_ldap.c] url parse: DN: %s", urld->lud_dn); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, + cmd->server, "[mod_vhost_ldap.c] url parse: attrib: %s", urld->lud_attrs? urld->lud_attrs[0] : "(null)"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, + cmd->server, "[mod_vhost_ldap.c] url parse: scope: %s", + (urld->lud_scope == LDAP_SCOPE_SUBTREE? "subtree" : + urld->lud_scope == LDAP_SCOPE_BASE? "base" : + urld->lud_scope == LDAP_SCOPE_ONELEVEL? "onelevel" : "unknown")); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, + cmd->server, "[mod_vhost_ldap.c] url parse: filter: %s", urld->lud_filter); + + /* Set all the values, or at least some sane defaults */ + if (cfg->host) { + char *p = apr_palloc(cmd->pool, strlen(cfg->host) + strlen(urld->lud_host) + 2); + strcpy(p, urld->lud_host); + strcat(p, " "); + strcat(p, cfg->host); + cfg->host = p; + } + else { + cfg->host = urld->lud_host? apr_pstrdup(cmd->pool, urld->lud_host) : "localhost"; + } + cfg->basedn = urld->lud_dn? apr_pstrdup(cmd->pool, urld->lud_dn) : ""; + + cfg->scope = urld->lud_scope == LDAP_SCOPE_ONELEVEL ? + LDAP_SCOPE_ONELEVEL : LDAP_SCOPE_SUBTREE; + + if (urld->lud_filter) { + if (urld->lud_filter[0] == '(') { + /* + * Get rid of the surrounding parens; later on when generating the + * filter, they'll be put back. + */ + cfg->filter = apr_pstrdup(cmd->pool, urld->lud_filter+1); + cfg->filter[strlen(cfg->filter)-1] = '\0'; + } + else { + cfg->filter = apr_pstrdup(cmd->pool, urld->lud_filter); + } + } + else { + cfg->filter = "objectClass=apacheConfig"; + } + + /* "ldaps" indicates secure ldap connections desired + */ + if (strncasecmp(url, "ldaps", 5) == 0) + { + cfg->secure = 1; + cfg->port = urld->lud_port? urld->lud_port : LDAPS_PORT; + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server, + "LDAP: vhost_ldap using SSL connections"); + } + else + { + cfg->secure = 0; + cfg->port = urld->lud_port? 
urld->lud_port : LDAP_PORT; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, cmd->server, + "LDAP: vhost_ldap not using SSL connections"); + } + + cfg->have_ldap_url = 1; + apr_ldap_free_urldesc(urld); + return NULL; +} + +static const char *mod_vhost_ldap_set_enabled(cmd_parms *cmd, void *dummy, int enabled) +{ + mod_vhost_ldap_config_t *cfg = + (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config, + &vhost_ldap_module); + + cfg->enabled = enabled; + return NULL; +} + +static const char *mod_vhost_ldap_set_binddn(cmd_parms *cmd, void *dummy, const char *binddn) +{ + mod_vhost_ldap_config_t *cfg = + (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config, + &vhost_ldap_module); + + cfg->binddn = apr_pstrdup(cmd->pool, binddn); + return NULL; +} + +static const char *mod_vhost_ldap_set_bindpw(cmd_parms *cmd, void *dummy, const char *bindpw) +{ + mod_vhost_ldap_config_t *cfg = + (mod_vhost_ldap_config_t *)ap_get_module_config(cmd->server->module_config, + &vhost_ldap_module); + + cfg->bindpw = apr_pstrdup(cmd->pool, bindpw); + return NULL; +} + +static const char *mod_vhost_ldap_set_deref(cmd_parms *cmd, void *dummy, const char *deref) +{ + mod_vhost_ldap_config_t *cfg = + (mod_vhost_ldap_config_t *)ap_get_module_config (cmd->server->module_config, + &vhost_ldap_module); + + if (strcmp(deref, "never") == 0 || strcasecmp(deref, "off") == 0) { + cfg->deref = never; + } + else if (strcmp(deref, "searching") == 0) { + cfg->deref = searching; + } + else if (strcmp(deref, "finding") == 0) { + cfg->deref = finding; + } + else if (strcmp(deref, "always") == 0 || strcasecmp(deref, "on") == 0) { + cfg->deref = always; + } + else { + return "Unrecognized value for VhostLDAPAliasDereference directive"; + } + return NULL; +} + +command_rec mod_vhost_ldap_cmds[] = { + AP_INIT_TAKE1("VhostLDAPURL", mod_vhost_ldap_parse_url, NULL, RSRC_CONF, + "URL to define LDAP connection. 
This should be an RFC 2255 complaint\n" + "URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].\n" + "
    \n" + "
  • Host is the name of the LDAP server. Use a space separated list of hosts \n" + "to specify redundant servers.\n" + "
  • Port is optional, and specifies the port to connect to.\n" + "
  • basedn specifies the base DN to start searches from\n" + "
\n"), + + AP_INIT_TAKE1 ("VhostLDAPBindDN", mod_vhost_ldap_set_binddn, NULL, RSRC_CONF, + "DN to use to bind to LDAP server. If not provided, will do an anonymous bind."), + + AP_INIT_TAKE1("VhostLDAPBindPassword", mod_vhost_ldap_set_bindpw, NULL, RSRC_CONF, + "Password to use to bind to LDAP server. If not provided, will do an anonymous bind."), + + AP_INIT_FLAG("VhostLDAPEnabled", mod_vhost_ldap_set_enabled, NULL, RSRC_CONF, + "Set to off to disable vhost_ldap, even if it's been enabled in a higher tree"), + + AP_INIT_TAKE1("VhostLDAPDereferenceAliases", mod_vhost_ldap_set_deref, NULL, RSRC_CONF, + "Determines how aliases are handled during a search. Can bo one of the" + "values \"never\", \"searching\", \"finding\", or \"always\". " + "Defaults to always."), + + {NULL} +}; + +#define FILTER_LENGTH MAX_STRING_LEN +static int +mod_vhost_ldap_translate_name (request_rec * r) +{ + apr_table_t *e; + int failures = 0; + const char **vals = NULL; + char filtbuf[FILTER_LENGTH]; + mod_vhost_ldap_config_t *cfg = + (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, &vhost_ldap_module); + + util_ldap_connection_t *ldc = NULL; + int result = 0; + const char *dn = NULL; + char *cgi; + + mod_vhost_ldap_request_t *req = + (mod_vhost_ldap_request_t *)apr_pcalloc(r->pool, sizeof(mod_vhost_ldap_request_t)); + ap_set_module_config(r->request_config, &vhost_ldap_module, req); + + if (!cfg->enabled) { + return DECLINED; + } + + if (!cfg->have_ldap_url) { + return DECLINED; + } + +start_over: + + if (cfg->host) { + ldc = util_ldap_connection_find(r, cfg->host, cfg->port, + cfg->binddn, cfg->bindpw, cfg->deref, + cfg->secure); + } + else { + ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c] translate: no sec->host - weird...?"); + return DECLINED; + } + + ap_log_rerror (APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c]: translating %s", r->parsed_uri.path); + + apr_snprintf(filtbuf, FILTER_LENGTH, 
"(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))", cfg->filter, r->hostname, r->hostname); + + result = util_ldap_cache_getuserdn(r, ldc, cfg->url, cfg->basedn, cfg->scope, + attributes, filtbuf, &dn, &vals); + + util_ldap_connection_close(ldc); + + /* sanity check - if server is down, retry it up to 5 times */ + if (result == LDAP_SERVER_DOWN) { + if (failures++ <= 5) { + goto start_over; + } + } + + /* handle bind failure */ + if (result != LDAP_SUCCESS) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c] translate: " + "translate failed; URI %s [%s][%s]", + r->parsed_uri.path, ldc->reason, ldap_err2string(result)); + return DECLINED; + } + + /* mark the user and DN */ + req->dn = apr_pstrdup(r->pool, dn); + + /* Optimize */ + if (vals) { + int i = 0; + while (attributes[i]) { + + if (strcasecmp (attributes[i], "apacheServerName") == 0) { + req->name = apr_pstrdup (r->pool, vals[i]); + } + else if (strcasecmp (attributes[i], "apacheServerAdmin") == 0) { + req->admin = apr_pstrdup (r->pool, vals[i]); + } + else if (strcasecmp (attributes[i], "apacheDocumentRoot") == 0) { + req->docroot = apr_pstrdup (r->pool, vals[i]); + } + else if (strcasecmp (attributes[i], "apacheScriptAlias") == 0) { + req->cgiroot = apr_pstrdup (r->pool, vals[i]); + } + else if (strcasecmp (attributes[i], "apacheSuexecUid") == 0) { + req->uid = apr_pstrdup(r->pool, vals[i]); + } + else if (strcasecmp (attributes[i], "apacheSuexecGid") == 0) { + req->gid = apr_pstrdup(r->pool, vals[i]); + } + i++; + } + } + + if ((req->name == NULL)||(req->docroot == NULL)) { + ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c] translate: " + "translate failed; ServerName or DocumentRoot not defined"); + return DECLINED; + } + + cgi = NULL; + + if (req->cgiroot) { + cgi = strstr(r->parsed_uri.path, "cgi-bin/"); + if (cgi && (cgi != r->uri + strspn(r->parsed_uri.path, "/"))) { + cgi = NULL; + } + + if (cgi) { + r->filename = + apr_pstrcat 
(r->pool, req->cgiroot, cgi + strlen("cgi-bin"), NULL); + r->handler = "cgi-script"; + apr_table_setn(r->notes, "alias-forced-type", r->handler); + } else { + + r->filename = + apr_pstrcat (r->pool, req->docroot, r->parsed_uri.path, NULL); + } + } + + r->server->server_hostname = apr_pstrdup (r->pool, req->name); + + if (req->admin) { + r->server->server_admin = apr_pstrdup (r->pool, req->admin); + } + + // set environment variables + e = r->subprocess_env; + apr_table_addn (e, "SERVER_ROOT", req->docroot); + + ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, + "[mod_vhost_ldap.c]: translated to %s", r->filename); + + return OK; +} + +#ifdef HAVE_UNIX_SUEXEC +static ap_unix_identity_t *mod_vhost_ldap_get_suexec_id_doer(const request_rec * r) +{ + ap_unix_identity_t *ugid = NULL; + mod_vhost_ldap_config_t *cfg = + (mod_vhost_ldap_config_t *)ap_get_module_config(r->server->module_config, + &vhost_ldap_module); + mod_vhost_ldap_request_t *req = + (mod_vhost_ldap_request_t *)ap_get_module_config(r->request_config, + &vhost_ldap_module); + + uid_t uid = -1; + gid_t gid = -1; + + // mod_vhost_ldap is disabled + if (!cfg->enabled) { + return NULL; + } + + if ((req == NULL)||(req->uid == NULL)||(req->gid == NULL)) { + return NULL; + } + + if ((ugid = apr_palloc(r->pool, sizeof(ap_unix_identity_t))) == NULL) { + return NULL; + } + + uid = (uid_t)atoll(req->uid); + gid = (gid_t)atoll(req->gid); + + if ((uid <= MIN_UID)||(gid <= MIN_GID)) { + return NULL; + } + + ugid->uid = uid; + ugid->gid = gid; + ugid->userdir = 0; + + return ugid; +} +#endif + +static void +mod_vhost_ldap_register_hooks (apr_pool_t * p) +{ + ap_hook_post_config(mod_vhost_ldap_post_config, NULL, NULL, APR_HOOK_MIDDLE); + ap_hook_translate_name(mod_vhost_ldap_translate_name, NULL, NULL, APR_HOOK_MIDDLE); +#ifdef HAVE_UNIX_SUEXEC + ap_hook_get_suexec_identity(mod_vhost_ldap_get_suexec_id_doer, NULL, NULL, APR_HOOK_MIDDLE); +#endif +} + +module AP_MODULE_DECLARE_DATA vhost_ldap_module = { + 
STANDARD20_MODULE_STUFF, + NULL, + NULL, + mod_vhost_ldap_create_server_config, + NULL, + mod_vhost_ldap_cmds, + mod_vhost_ldap_register_hooks, +}; diff --git a/mod_vhost_ldap.schema b/mod_vhost_ldap.schema new file mode 100644 index 0000000..8243140 --- /dev/null +++ b/mod_vhost_ldap.schema 
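Review bot: In mod_vhost_ldap_translate_name the search filter is built by `apr_snprintf` with the raw client-supplied `r->hostname`, so a Host header containing `*`, `(`, `)` or `\` changes the structure of the filter (a lone `*` already matches every apacheServerName) and lets a client select a different vhost's DocumentRoot, ScriptAlias and suexec identity; the Host value must have its RFC 4515 metacharacters escaped before substitution, as in the helper below, and a NULL `r->hostname` (HTTP/1.0 without Host) should be declined rather than searched as "(null)". Second, the `r->filename = apr_pstrcat (r->pool, req->docroot, r->parsed_uri.path, NULL);` assignment sits inside `if (req->cgiroot)`, so an entry without apacheScriptAlias returns OK with `r->filename` still NULL; move that assignment out of the block so it is the default for every request. Third, `r->server->server_hostname` and `server_admin` are overwritten on the shared server_rec with request-pool strings, which dangle once the request pool is cleared and race under a threaded MPM (the README advertises threaded use); copy the record into the request first, `r->server = apr_pmemdup(r->pool, r->server, sizeof *r->server);`, and modify the copy. The suexec hook's `uid <= MIN_UID` also rejects uid/gid 1000 itself, which looks unintended given the constant's name — confirm whether `<` was meant.
```c
/* Escape RFC 4515 filter metacharacters so a client-supplied Host header
 * cannot change the structure of the search filter. */
static const char *mod_vhost_ldap_escape_filter(apr_pool_t *p, const char *s)
{
    const char *c;
    char *out, *d;

    /* worst case: every byte expands to "\xx" */
    out = d = apr_palloc(p, strlen(s) * 3 + 1);
    for (c = s; *c != '\0'; c++) {
        switch (*c) {
        case '*': case '(': case ')': case '\\':
            d += apr_snprintf(d, 4, "\\%02x", (unsigned char)*c);
            break;
        default:
            *d++ = *c;
            break;
        }
    }
    *d = '\0';
    return out;
}

/* … unchanged: post_config, config handlers, command table … */

static int
mod_vhost_ldap_translate_name (request_rec * r)
{
    const char *hostname;
    /* … unchanged: other locals, enabled/url checks, connection lookup … */

    if (r->hostname == NULL) {
        return DECLINED;
    }
    hostname = mod_vhost_ldap_escape_filter(r->pool, r->hostname);
    apr_snprintf(filtbuf, FILTER_LENGTH,
                 "(&(%s)(|(apacheServerName=%s)(apacheServerAlias=%s)))",
                 cfg->filter, hostname, hostname);

    /* … unchanged: search, retry loop, attribute copy, filename setup … */
```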
@@ -0,0 +1,59 @@ +## +## OIDs are owned by Globe Internet +## +## 1.3.6.1.4.1.14287.1.x - mod_vhost_ldap +## 1.3.6.1.4.1.14287.1.1.x - attributetypes +## 1.3.6.1.4.1.14287.1.2.x - objectclasses +## + +attributetype ( 1.3.6.1.4.1.8387.1.1.2 NAME 'apacheServerName' + SUP name + DESC 'mod_vhost_ldap: Apache ServerName' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.8387.1.1.3 NAME 'apacheServerAlias' + SUP name + DESC 'mod_vhost_ldap: Apache ServerAlias' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 1.3.6.1.4.1.8387.1.1.4 NAME 'apacheDocumentRoot' + SUP name + DESC 'mod_vhost_ldap: Apache DocumentRoot' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.8387.1.1.5 NAME 'apacheServerAdmin' + SUP name + DESC 'mod_vhost_ldap: Apache ServerAdmin' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.8387.1.1.6 NAME 'apacheSuexecUid' + SUP name + DESC 'mod_vhost_ldap: Apache SuexecUid' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.8387.1.1.6 NAME 'apacheSuexecGid' + SUP name + DESC 'mod_vhost_ldap: Apache SuexecGid' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + SINGLE-VALUE ) + +objectclass ( 1.3.6.1.4.1.8387.1.2.1 NAME 'apacheConfig' + SUP 'top' AUXILIARY + MUST ( apacheServerName $ apacheDocumentRoot ) + MAY ( apacheServerAlias $ apacheServerAdmin ) ) diff --git a/vhost_ldap.conf b/vhost_ldap.conf new file mode 100644 index 0000000..42889ab --- /dev/null +++ b/vhost_ldap.conf 
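Review bot: apacheSuexecUid and apacheSuexecGid are both assigned OID 1.3.6.1.4.1.8387.1.1.6, so slapd will refuse to load the schema as a duplicate OID; apacheSuexecGid needs its own OID (1.3.6.1.4.1.8387.1.1.7 as a constructed example, whatever the next free number in the arc is). The header comment says the OIDs live under 1.3.6.1.4.1.14287.1.x while every definition uses 1.3.6.1.4.1.8387.1.x; one of the two is wrong and should be settled before anyone deploys this, since OIDs cannot be changed compatibly afterwards. apacheScriptAlias, which mod_vhost_ldap.c requests from the server, has no attributetype at all, and the apacheConfig objectclass's MAY list omits apacheScriptAlias, apacheSuexecUid and apacheSuexecGid, so a schema-checking server rejects entries that set them: `MAY ( apacheServerAlias $ apacheServerAdmin $ apacheScriptAlias $ apacheSuexecUid $ apacheSuexecGid )`. The uid/gid attributes are declared as caseIgnore strings under `SUP name` although the module parses them with atoll; an INTEGER syntax (1.3.6.1.4.1.1466.115.121.1.27 with integerMatch) would let the directory reject non-numeric values instead of the module silently mapping them to 0.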
@@ -0,0 +1,15 @@ +# +# mod_cfg_ldap allows you to keep your virtual host configuration +# in an LDAP directory and update it in nearly realtime. +# + +### you have to configure and enable it first ### + +LoadModule cfg_ldap_module modules/mod_cfg_ldap.so + + + VhostLDAPEnabled on + VhostLDAPUrl "ldap://127.0.0.1/ou=vhosts,ou=web,dc=localhost" + VhostLdapBindDN "cn=admin,dc=localhost" + VhostLDAPBindPassword "" + -- 2.45.1
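Review bot: `LoadModule cfg_ldap_module modules/mod_cfg_ldap.so` does not match the module this commit builds — mod_vhost_ldap.c declares `vhost_ldap_module` and apxs installs mod_vhost_ldap.so — so httpd will not start from this sample; it should read `LoadModule vhost_ldap_module modules/mod_vhost_ldap.so`, preceded by the LoadModule for mod_ldap, which post_config requires. The header comment still describes mod_cfg_ldap as well. The example binds as `cn=admin,dc=localhost` with a plaintext VhostLDAPBindPassword, yet vhost lookup only needs read access to the ou=vhosts subtree; the sample should use a read-only bind DN and say that the file holding the password must not be world-readable. The `<VirtualHost>` container around the directives seems to have been lost in this rendering, so I cannot confirm the block is closed.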