
RE: ProFTPd + mod_LDAP + OpenLDAP



Hey, sounds good.  I'll mess with this a bit later and
see if I can get it to work.  I ended up creating an
"cn=proftpd,ou=misc,..." entry to my tree with read
access to the userPassword attributes.  I didn't want
to do it this way but someone suggested it and it *did*
work, so...

Anyways, thanks a lot.  That sounds like exactly what I
was looking for.

j.

--
Jeremy L. Gaddis     <jlgaddis@blueriver.net>

-----Original Message-----
From: Steve McIntyre [mailto:stevem@chiark.greenend.org.uk]
Sent: Saturday, January 12, 2002 9:27 PM
To: jlgaddis@blueriver.net
Cc: debian-user@lists.debian.org
Subject: Re: ProFTPd + mod_LDAP + OpenLDAP


In article <DEEEKMDBPONAICGLFKHDOEAGCAAA.jeremy@home.lan> you write:
>Today I compiled ProFTPd with support for mod_ldap
>(authenticating against OpenLDAP).  I set up proftpd.conf
>as per the documentation and authentication was still
>failing.  After examining the log files for ProFTPd,
>I noticed that it was attempting to look up various
>attributes in the LDAP server after entering a username
>but before entering a password.  It was attempting to
>get the value of the "userPassword" attribute, which my
>ACLs didn't allow.  After changing OpenLDAP's ACLs to
>the following, user authentication worked:

What I've done for LDAP and proftpd was just use the
already-functional PAM support and not added mod_ldap. Then my
/etc/pam.d/proftpd looks like

==================================================
#%PAM-1.0
auth       required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth sufficient pam_ldap.so
auth required   pam_unix.so nullok

# This is disabled because anonymous logins will fail otherwise,
# unless you give the 'ftp' user a valid shell, or /bin/false and add
# /bin/false to /etc/shells.
#auth       required    pam_shells.so

account sufficient pam_ldap.so
account required   pam_unix.so
session sufficient pam_ldap.so
session required   pam_unix.so
==================================================

and then added the line

PersistentPasswd        off

to /etc/proftpd.conf, which took a while (and some help from the
developers) to work out. Now it all works fine for me.

--
Steve McIntyre, Cambridge, UK.
stevem@chiark.greenend.org.uk
"They say that you play Cambridge twice - once on the way up and once on
 the way down. It's nice to be back..." --- Armstrong & Miller
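
The control flags in the auth section of the quoted /etc/pam.d/proftpd decide what happens to a user who is listed in /etc/ftpusers but also has a valid LDAP password. The following is an added example, not part of either message: it applies the standard Linux-PAM required/requisite/sufficient rules to that stack. The names `parse_stack` and `evaluate` and all module outcomes are constructed for illustration; no PAM module is actually invoked.

```python
# Added example: module outcomes are constructed inputs; no PAM module runs.
PAM_STACK = """\
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth sufficient pam_ldap.so
auth required pam_unix.so nullok
account sufficient pam_ldap.so
account required pam_unix.so
"""

def parse_stack(text, module_type):
    """Return [(control, module, args)] for one module type, skipping comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) >= 3 and fields[0] == module_type:
            entries.append((fields[1], fields[2], fields[3:]))
    return entries

def evaluate(entries, outcomes):
    """Walk the stack; outcomes maps module name -> True/False.

    Returns (granted, modules_consulted).
    """
    required_failed = False
    required_passed = False
    consulted = []
    for control, module, _args in entries:
        ok = outcomes[module]
        consulted.append(module)
        if control in ("required", "requisite"):
            if ok:
                required_passed = True
            else:
                required_failed = True
                if control == "requisite":
                    break  # requisite failure ends the stack immediately
        elif control == "sufficient" and ok and not required_failed:
            return True, consulted  # short-circuit: later modules never run
        # a failed 'sufficient' (or any 'optional') result is ignored
    return (required_passed and not required_failed), consulted

if __name__ == "__main__":
    auth = parse_stack(PAM_STACK, "auth")
    banned = {"pam_listfile.so": False, "pam_ldap.so": True, "pam_unix.so": True}
    print(evaluate(auth, banned))  # denied despite valid LDAP and local passwords
```

A user denied by pam_listfile.so stays denied even when pam_ldap.so succeeds, because a `sufficient` success only short-circuits the stack when no earlier `required` module has failed; for everyone else a successful LDAP bind means pam_unix.so is never consulted.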


