
Proftpd: GID lookups with ldap



Hi there,

I recently installed sarge with proftpd-ldap. Authentication works fine,
also upload/download, but UIDs and GIDs are not resolved via ldap. A "ls"
shows only "(?)" at their positions. Since all other services work & resolve
fine, the problem must be proftpd. Here's the relevant part of my configuration:

<snip>
LDAPServer              w.x.y.z
LDAPQueryTimeout        10
LDAPNegativeCache       Off
LDAPAuthBinds           on

#LDAPDoAuth             on "ou=people,ou=insecure,o=company,c=xy" "(uid=%v)"
LDAPDoAuth              on uid=%v,ou=people,ou=insecure,o=company,c=xy

LDAPSearchScope         "ou=people,ou=insecure,o=company,c=xy"

#LDAPDoUIDLookups       on "ou=people,ou=insecure,o=company,c=xy" "(uidNumber=%v)"
LDAPDoUIDLookups        on "ou=people,ou=insecure,o=company,c=xy" "(&(uidNumber=%v)(objectclass=posixAccount))"

LDAPDoGIDLookups        on "ou=group,ou=insecure,o=company,c=xy" "(gidNumber=%v)"
#LDAPDoGIDLookups       on "ou=group,ou=insecure,o=company,c=xy" "(&(gidNumber=%v)(objectclass=posixGroup))"
</snip>

(I also tried it in any combination with the commented-out parts, as other people told me,
but still no effect; also: I don't use TLS, since the server is on the internal network
(and yeah, I know about the security risks)).

I also tried to get some useful debugging information with the "-nd5" option. Here's
the output of the login procedure:

<snip>
edvoftp (127.0.0.1[127.0.0.1]) - FTP session requested from unknown class
edvoftp (127.0.0.1[127.0.0.1]) - mod_delay/0.4: opening DelayTable '/var/run/proftpd/proftpd.delay'
edvoftp (127.0.0.1[127.0.0.1]) - ident lookup disabled
edvoftp (127.0.0.1[127.0.0.1]) - connected - local  : 127.0.0.1:21
edvoftp (127.0.0.1[127.0.0.1]) - connected - remote : 127.0.0.1:34144
edvoftp (127.0.0.1[127.0.0.1]) - FTP session opened.
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_rewrite
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_delay
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_auth
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endpwent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endpwent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endgrent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endgrent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching CMD command 'USER sv' to mod_ratio
edvoftp (127.0.0.1[127.0.0.1]) - dispatching CMD command 'USER sv' to mod_auth
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'USER sv' to mod_delay
edvoftp (127.0.0.1[127.0.0.1]) - mod_delay/0.4: selecting median interval from 10 values
edvoftp (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD command 'USER sv' to mod_log
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_rewrite
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endpwent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endpwent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endgrent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endgrent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching CMD command 'PASS (hidden)' to mod_auth
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwnam" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwnam" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_file
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_unix
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "auth" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "auth" to module mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "auth" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "check" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "check" to module mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "check" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "setgrent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "setgrent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) -
</snip>

And here some debugging while doing an ls:
<snip>
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_rewrite
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_ratio
edvoftp (127.0.0.1[127.0.0.1]) - dispatching CMD command 'LIST' to mod_ls
edvoftp (127.0.0.1[127.0.0.1]) - active data connection opened - local  : 127.0.0.1:20
edvoftp (127.0.0.1[127.0.0.1]) - active data connection opened - remote : 127.0.0.1:34148
edvoftp (127.0.0.1[127.0.0.1]) - in dir_check_full(): path = '/teachers/sv', fullpath = '/home/teachers/sv'.
edvoftp (127.0.0.1[127.0.0.1]) - in dir_check_full(): path = '/teachers/sv/Desktop', fullpath = '/home/teachers/sv/Desktop'.
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_file
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_unix
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "uid_name" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "uid_name" to module mod_auth_file
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "uid_name" to module mod_auth_unix
</snip>

As you can see, auth request "getgroups" is passed to mod_ldap (at login), but "gid_name"/"uid_name" isn't
(neither at login nor while doing ls) - could this be a bug?

thanx in advance
Chris


