diff --git a/roles/apache2/defaults/main.yml b/roles/apache2/defaults/main.yml
index c8c6b89..24770e7 100644
--- a/roles/apache2/defaults/main.yml
+++ b/roles/apache2/defaults/main.yml
@@ -1,2 +1,3 @@
 ---
   php: false
+  user_dir: false
diff --git a/roles/apache2/tasks/main.yaml b/roles/apache2/tasks/main.yaml
index e969a7a..414c99c 100644
--- a/roles/apache2/tasks/main.yaml
+++ b/roles/apache2/tasks/main.yaml
@@ -37,3 +37,16 @@
   with_items: "{{ config_names }}"
   when: config_names is defined
   notify: restart apache2
+
+- block:
+    - name: enable apache userdir module
+      apache2_module: state=present name=userdir
+      notify: restart apache2
+
+    - name: create public_html in /etc/skel
+      file:
+        path: /etc/skel/public_html
+        state: directory
+        mode: 660
+
+  when: user_dir | bool
diff --git a/roles/pam-ldap/templates/pam-mkhomedir.j2 b/roles/pam-ldap/templates/pam-mkhomedir.j2
index eedc8b7..c40df8a 100644
--- a/roles/pam-ldap/templates/pam-mkhomedir.j2
+++ b/roles/pam-ldap/templates/pam-mkhomedir.j2
@@ -3,4 +3,4 @@ Default: yes
 Priority: 900
 Session-Type: Additional
 Session:
-        required        pam_mkhomedir.so umask=0022 skel=/etc/skel
+        required        pam_mkhomedir.so umask=0002 skel=/etc/skel