Proftpd: GID lookups with ldap
Hi there,
I recently installed sarge with proftpd-ldap. Authentication works fine,
also upload/download, but UIDs and GIDs are not resolved via ldap. A "ls"
shows only "(?)" at their positions. Since all other services work & resolve
fine, the problem must be proftpd. Here's the relevant part of my configuration:
<snip>
LDAPServer w.x.y.z
LDAPQueryTimeout 10
LDAPNegativeCache Off
LDAPAuthBinds on
#LDAPDoAuth on "ou=people,ou=insecure,o=company,c=xy" "(uid=%v)"
LDAPDoAuth on uid=%v,ou=people,ou=insecure,o=company,c=xy
LDAPSearchScope "ou=people,ou=insecure,o=company,c=xy"
#LDAPDoUIDLookups on "ou=people,ou=insecure,o=company,c=xy" "(uidNumber=%v)"
LDAPDoUIDLookups on "ou=people,ou=insecure,o=company,c=xy" "(&(uidNumber=%v)(objectclass=posixAccount))"
LDAPDoGIDLookups on "ou=group,ou=insecure,o=company,c=xy" "(gidNumber=%v)"
#LDAPDoGIDLookups on "ou=group,ou=insecure,o=company,c=xy" "(&(gidNumber=%v)(objectclass=posixGroup))"
</snip>
(I also tried it in any combination with the commented-out parts, as other people told me,
but still no effect; also: I don't use TLS, since the server is on the internal network
(and yeah, I know about the security risks)).
I also tried to get some useful debugging information with the "-nd5" option. Here's
the output of the login procedure:
<snip>
edvoftp (127.0.0.1[127.0.0.1]) - FTP session requested from unknown class
edvoftp (127.0.0.1[127.0.0.1]) - mod_delay/0.4: opening DelayTable '/var/run/proftpd/proftpd.delay'
edvoftp (127.0.0.1[127.0.0.1]) - ident lookup disabled
edvoftp (127.0.0.1[127.0.0.1]) - connected - local : 127.0.0.1:21
edvoftp (127.0.0.1[127.0.0.1]) - connected - remote : 127.0.0.1:34144
edvoftp (127.0.0.1[127.0.0.1]) - FTP session opened.
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_rewrite
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_delay
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER sv' to mod_auth
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endpwent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endpwent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endgrent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endgrent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching CMD command 'USER sv' to mod_ratio
edvoftp (127.0.0.1[127.0.0.1]) - dispatching CMD command 'USER sv' to mod_auth
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'USER sv' to mod_delay
edvoftp (127.0.0.1[127.0.0.1]) - mod_delay/0.4: selecting median interval from 10 values
edvoftp (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD command 'USER sv' to mod_log
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_rewrite
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endpwent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endpwent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endgrent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "endgrent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching CMD command 'PASS (hidden)' to mod_auth
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwnam" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwnam" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_file
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_unix
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "auth" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "auth" to module mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "auth" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "check" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "check" to module mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "check" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "setgrent" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "setgrent" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) -
</snip>
And here is some debugging output while doing an ls:
<snip>
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_rewrite
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_tls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_core
edvoftp (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'LIST' to mod_ratio
edvoftp (127.0.0.1[127.0.0.1]) - dispatching CMD command 'LIST' to mod_ls
edvoftp (127.0.0.1[127.0.0.1]) - active data connection opened - local : 127.0.0.1:20
edvoftp (127.0.0.1[127.0.0.1]) - active data connection opened - remote : 127.0.0.1:34148
edvoftp (127.0.0.1[127.0.0.1]) - in dir_check_full(): path = '/teachers/sv', fullpath = '/home/teachers/sv'.
edvoftp (127.0.0.1[127.0.0.1]) - in dir_check_full(): path = '/teachers/sv/Desktop', fullpath = '/home/teachers/sv/Desktop'.
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_file
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_unix
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "uid_name" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "uid_name" to module mod_auth_file
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "uid_name" to module mod_auth_unix
</snip>
As you can see, auth request "getgroups" is passed to mod_ldap (at login), but "gid_name"/"uid_name" isn't
(neither at login nor while doing ls) - could this be a bug?
Thanks in advance
Chris
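
The comparison made by eye in the message above (which auth requests are handed to mod_ldap and which never are) can be done mechanically over a full "-nd5" capture. This is an added example, not part of the original post or of ProFTPD; the function names are hypothetical and the sample lines are constructed to match the shape of the log quoted above.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the debug output quoted in the post.
SAMPLE_LOG = """\
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getgroups" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwnam" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "getpwnam" to module mod_ldap
edvoftp (127.0.0.1[127.0.0.1]) - dispatching CMD command 'LIST' to mod_ls
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_file
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "gid_name" to module mod_auth_unix
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "uid_name" to module mod_radius
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "uid_name" to module mod_auth_file
edvoftp (127.0.0.1[127.0.0.1]) - dispatching auth request "uid_name" to module mod_auth_unix
"""

# Only auth-request dispatch lines matter; PRE_CMD/CMD/POST_CMD lines are skipped.
DISPATCH = re.compile(r'dispatching auth request "([^"]+)" to module (\S+)')


def dispatch_map(log_text):
    """Return {auth request: [modules it was dispatched to, first-seen order]}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        match = DISPATCH.search(line)
        if not match:
            continue
        request, module = match.groups()
        if module not in seen[request]:
            seen[request].append(module)
    return dict(seen)


def never_reaches(log_text, module="mod_ldap"):
    """List auth requests that were dispatched, but never to `module`."""
    table = dispatch_map(log_text)
    return sorted(req for req, mods in table.items() if module not in mods)


if __name__ == "__main__":
    for request, modules in dispatch_map(SAMPLE_LOG).items():
        print(f"{request:10s} -> {', '.join(modules)}")
    print("never dispatched to mod_ldap:", never_reaches(SAMPLE_LOG))
```

Feeding it the complete debug output instead of `SAMPLE_LOG` gives the same table for every request type in the session, which is useful to attach to a bug report.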