
Odd problem with OpenLDAP and Proftpd



I have just installed OpenLDAP from RH 6.2 RPMs. The LDAP
directory includes the info about some user accounts. I've
set in the ldap.conf file:
"pam_filter &(objectclass=account) (host=[the host name])",
so all could log in (via telnet) to the machines noted on their
'host' attribute.

However, using ProFTPd I have found an odd problem. I've
installed ProFTPd 1.2 on both the LDAP server machine, named
'perseus', and another one, named 'pegasus', both having the
same ftpd configuration. All users in the LDAP directory are
able to make telnet and FTP connections to pegasus. However,
although they can also telnet to 'perseus', only "real" users
with /etc/passwd accounts can do FTP.

I have double checked all the configuration files:
/etc/proftpd.conf, /etc/ldap.conf, /etc/openldap/ldap.conf,
they all have the same content on both machines. Also
the /pam.d/ directory and nsswitch.conf look the same.

Also the ldap.log file has similar content for both connections
until the SEARCH with the pam_filter noted above. After that,
the content is as follows:

Pegasus (gives FTP access with no trouble):

conn=46 op=1 SRCH base="DC=MYDOMAIN" scope=2
filter="(&(&(objectclass=ACCOUNT)(host=PEGASUS))(uid=GROUCHO))"
conn=47 op=0 BIND dn="UID=GROUCHO,OU=ACCOUNTS,DC=MYDOMAIN" method=128
conn=45 op=2 SRCH base="DC=MYDOMAIN" scope=2
filter="(&(objectclass=POSIXGROUP)(memberuid=GROUCHO))"
conn=48 op=0 BIND dn="" method=128
conn=48 op=1 SRCH base="DC=MYDOMAIN" scope=2
filter="(&(objectclass=POSIXGROUP)(gidnumber=1998))"
conn=48 op=2 SRCH base="DC=MYDOMAIN" scope=2
filter="(&(objectclass=POSIXACCOUNT)(uid=GROUCHO))"


Perseus (rejects the same user):

conn=27 op=1 SRCH base="DC=MYDOMAIN" scope=2
filter="(&(&(objectclass=ACCOUNT)(host=PERSEUS))(uid=GROUCHO))"
conn=28 op=0 BIND dn="UID=GROUCHO,OU=ACCOUNTS,DC=MYDOMAIN" method=128
conn=29 op=0 BIND dn="" method=128
conn=26 op=2 SRCH base="DC=MYDOMAIN" scope=2
filter="(&(objectclass=POSIXACCOUNT)(uid=GROUCHO))"

Any help about where I should look to solve this problem?

TIA,
J.A.
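
An added example, not part of the original post: a small Python comparison of the two slapd traces quoted above, listing the operations that appear in the working (pegasus) trace but not in the failing (perseus) one. The log lines are the poster's, with each wrapped filter rejoined onto its line; the function names are this example's own.

```python
import re

# Log lines copied from the post, with each wrapped filter rejoined.
PEGASUS = '''\
conn=46 op=1 SRCH base="DC=MYDOMAIN" scope=2 filter="(&(&(objectclass=ACCOUNT)(host=PEGASUS))(uid=GROUCHO))"
conn=47 op=0 BIND dn="UID=GROUCHO,OU=ACCOUNTS,DC=MYDOMAIN" method=128
conn=45 op=2 SRCH base="DC=MYDOMAIN" scope=2 filter="(&(objectclass=POSIXGROUP)(memberuid=GROUCHO))"
conn=48 op=0 BIND dn="" method=128
conn=48 op=1 SRCH base="DC=MYDOMAIN" scope=2 filter="(&(objectclass=POSIXGROUP)(gidnumber=1998))"
conn=48 op=2 SRCH base="DC=MYDOMAIN" scope=2 filter="(&(objectclass=POSIXACCOUNT)(uid=GROUCHO))"
'''
PERSEUS = '''\
conn=27 op=1 SRCH base="DC=MYDOMAIN" scope=2 filter="(&(&(objectclass=ACCOUNT)(host=PERSEUS))(uid=GROUCHO))"
conn=28 op=0 BIND dn="UID=GROUCHO,OU=ACCOUNTS,DC=MYDOMAIN" method=128
conn=29 op=0 BIND dn="" method=128
conn=26 op=2 SRCH base="DC=MYDOMAIN" scope=2 filter="(&(objectclass=POSIXACCOUNT)(uid=GROUCHO))"
'''
LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH) (.*)')
FIELD = re.compile(r'(\w+)="([^"]*)"')

def parse(trace):
    """Return (conn, op, kind, detail) tuples; detail is the filter or bind DN."""
    ops = []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        fields = dict(FIELD.findall(m.group(4)))
        detail = fields.get("filter") if m.group(3) == "SRCH" else fields.get("dn")
        ops.append((int(m.group(1)), int(m.group(2)), m.group(3), detail))
    return ops

def normalise(kind, detail, host):
    """Mask the host name so the two pam_filter searches compare equal."""
    return (kind, detail.replace("host=" + host, "host=<HOST>"))

def missing_ops(good, bad, good_host, bad_host):
    """Operations in the working trace with no counterpart in the failing one."""
    seen = {normalise(k, d, bad_host) for _, _, k, d in parse(bad)}
    return [(k, d) for _, _, k, d in parse(good)
            if normalise(k, d, good_host) not in seen]

if __name__ == "__main__":
    for kind, detail in missing_ops(PEGASUS, PERSEUS, "PEGASUS", "PERSEUS"):
        print("only on pegasus:", kind, detail)
```

On these traces the only operations without a counterpart on perseus are the two POSIXGROUP searches; the pam_filter search, both binds and the POSIXACCOUNT search occur on both hosts.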