The UNIX and Linux Forums  

  #1  
Old 05-22-2008
Registered User
 

Join Date: Feb 2008
Posts: 10
proftp & LDAP

Hi,

In short, I want a proftp server to authenticate against an LDAP server. I have configured one proftp server to do this and it works like butter. I have configured another one, in my opinion in exactly the same way, and it does not work.
All servers are up-to-date Debian.
For proftp, the proftp-ldap package is installed (i.e. proftp is precompiled with LDAP support).
For LDAP, openldap is configured and working fine.

The problem is that it looks to me like it does not even try to contact the LDAP server for user authentication: I have checked for outgoing packages with tcpdump in the direction of the LDAP server (tcpdump -n host Ip_ldap_server): nothing recorded!!!

I have no idea why it does not even try to connect to the LDAP server. Even less do I understand what I did on the other server to make it work .....

This is the proftpd.conf file:

Code:
# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                         off

ServerName                      "abc.cde.de"
ServerType                      standalone
DeferWelcome                    off
UseReverseDNS                   off

MultilineRFC2228                on
DefaultServer                   on
DefaultAddress                  1.2.3.4
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

# Port 21 is the standard FTP port.
Port                            21


MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            proftpd
Group                           nogroup

# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
PersistentPasswd                off


LogFormat write "%t %h %l %u  \"%r\" %s %b %T"
TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log
ExtendedLog /var/log/proftpd/xtendlog Read,Write,Auth write
#SyslogLevel                     warn
SyslogLevel                     debug

# User Settings
AuthUserFile                    /etc/proftpd/users.passwd

RootLogin                       off
CreateHome                      on dirmode 755
DefaultRoot                     ~
DeleteAbortedStores             on
IdentLookups                    off
MaxClientsPerHost               5
MaxLoginAttempts                5
RequireValidShell               off
RootRevoke                      off
TimesGMT        off


<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default. 
<IfModule mod_delay.c>
#DelayEngine on
DelayEngine off
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
<IfModule mod_ldap.c>

## Define the LDAP server to contact 
LDAPServer    5.6.7.8:389


## Limit users to their web directory. Use an "ad hoc" search filter
mplate"  ]
LDAPDoAuth     on "dc=aaa,dc=de" "(&(uid=%v)(objectclass=posixAccount))"

## LDAP Bind Directives
## Syntax -> LDAPDNInfo [ LDAPDNInfo "ldap-dn" "dn-password"  ]
LDAPDNInfo "uid=bind,dc=aaa,dc=de" passwd

## Require that an incoming user can successfully bind to the LDAPServer.
LDAPAuthBinds     on

## Look up UIDs and GIDs in the directory.

LDAPDoUIDLookups   on "dc=aaa,dc=de"

LDAPSearchScope subtree

</IfModule>

any idea?
Reply With Quote
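One check that fits the symptom in the post above (no traffic toward the LDAP server at all), added here as an example and not part of the thread: every LDAP directive in the posted config sits inside `<IfModule mod_ldap.c>`, and ProFTPD skips such a block without any error when the module is neither compiled in nor loaded. The function name `skipped_blocks`, the file names and the sample load state are assumptions for the demonstration; `proftpd -l` is the real option that lists compiled-in modules.

```shell
#!/bin/sh
# Added example: list <IfModule> blocks that ProFTPD would silently skip.

# skipped_blocks CONF [MODULE_SOURCE...]
# MODULE_SOURCE is a modules.conf (LoadModule lines) or saved `proftpd -l`
# output. Prints "line: module" for each block whose module is in neither.
skipped_blocks() {
    conf=$1; shift
    awk -v conf="$conf" '
        FILENAME != conf {
            if ($1 == "LoadModule") have[$2] = 1          # active DSO load
            else if ($1 ~ /^mod_.*\.c$/) have[$1] = 1     # proftpd -l entry
            next
        }
        /^[ \t]*<IfModule[ \t]/ {
            m = $0
            sub(/^[ \t]*<IfModule[ \t]+/, "", m); sub(/[ \t]*>.*$/, "", m)
            # "!mod_x.c" is a negated test, so it is not reported
            if (m !~ /^!/ && !(m in have)) print FNR ": " m
        }
    ' "$@" "$conf"
}

# Constructed sample input: module names come from the posted config,
# the load state (mod_ldap commented out) is assumed for the demonstration.
demo_dir=$(mktemp -d)
cat > "$demo_dir/modules.conf" <<'EOF'
LoadModule mod_tls.c
#LoadModule mod_ldap.c
EOF
printf 'Compiled-in modules:\n  mod_core.c\n  mod_delay.c\n' \
    > "$demo_dir/static.txt"
cat > "$demo_dir/proftpd.conf" <<'EOF'
Include /etc/proftpd/modules.conf
<IfModule mod_tls.c>
TLSEngine off
</IfModule>
<IfModule mod_delay.c>
DelayEngine off
</IfModule>
<IfModule mod_ldap.c>
LDAPServer    5.6.7.8:389
</IfModule>
EOF
demo_result=$(skipped_blocks "$demo_dir/proftpd.conf" \
    "$demo_dir/modules.conf" "$demo_dir/static.txt")
echo "$demo_result"
rm -rf "$demo_dir"
```

On a live host the second and third arguments would be the real `modules.conf` and the saved output of `proftpd -l`; an empty result means every `<IfModule>` block in the file is active.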
  #2  
Old 05-22-2008
Registered User
 

Join Date: Mar 2006
Location: Ahmedabad
Posts: 120
pam_ldap

I prefer to do any LDAP auth operation with the LDAP Pluggable Authentication Module.