Re: using ldap with proftpd
Pierangelo Masarati wrote:
>
> > It's now working but not as I wish :
> >
> > Prune wrote:
> > >
> > > Hi,
> > >
> > > I'm sorry to ask, but I can't find any doc about that..
> > >
> > > I've just installed the last proftpd server compiled with mod_ldap (vers
> > > 2.7.6)
> > > I add in the proftpd.conf :
> > >
> > > LDAPServer localhost
> > > LDAPAuthBinds on
> > > LDAPDNInfo dc=lecentre,dc=net
> > > #LDAPPrefix "dc=lecentre,dc=net"
> > > LDAPDoAuth on "dc=lecentre,dc=net"
> > >
> >
> > I changed the LDAPDNInfo line to :
> >
> > LDAPDNInfo cn=manager, dc=lecentre, dc=net secret
> > (of course the pass is not the one I use :))
> >
> > It's now working, but this is not what I want.
> > isn't it possible to bind the user directly, without having to use the
> > manager account to do that ?
> >
> > Just for info, here are access granted to openldap in slapd.conf :
> >
> > access to dn=".*,ou=users,ou=lecentre.net,dc=lecentre,dc=net"
> > by dn="cn=manager,dc=lecentre,dc=net" write
> > by self write
> > by anonymous auth
> > by * none
> >
> > is this correct ?
>
> I guess the auth code is doing a search with uid filter,
> so you must make uid searchable by anonymous if you wish
> to allow the app to authenticate without prior binding;
> use
>
> access to dn=".*,ou=users,ou=lecentre.net,dc=lecentre,dc=net"
> by dn="cn=manager,dc=lecentre,dc=net" write
> by self write
> by anonymous search
> by * none
>
> or add this rule BEFORE yours:
>
> access to dn=".*,ou=users,ou=lecentre.net,dc=lecentre,dc=net" attrs=uid
> by dn="cn=manager,dc=lecentre,dc=net" write
> by self read
> by anonymous search
>
> (You shouldn't let self write all of its entry; you don't want
> to let users change their uid or so!)
>
> Pierangelo.

Thank you for the advice :)

I still have the same problem. As I can see in the ldap directive list,
I should normally just have to add :

LDAPDoAuth on "ou=users, ou=lecentre.net, dc=lecentre, dc=net"

Am I right when I guess that proftpd will try to bind "uid=stool,
ou=users, ou=lecentre.net, dc=lecentre, dc=net" ?????

In fact, it binds :

Jul 14 15:09:45 diamond slapd[24529]: conn=13 op=0 BIND dn="" method=128
Jul 14 15:09:45 diamond slapd[24529]: conn=13 op=0 RESULT tag=97 err=0 text=
Jul 14 15:09:45 diamond slapd[24529]: conn=13 op=1 SRCH base="ou=users,ou=lecentre.net,dc=lecentre,dc=net" scope=2 filter="(&(uid=stool)(objectClass=posixAccount))"
Jul 14 15:09:45 diamond slapd[24529]: conn=13 op=1 SEARCH RESULT tag=101 err=0 text=
Jul 14 15:09:45 diamond slapd[24529]: conn=13 op=2 SRCH base="ou=users,ou=lecentre.net,dc=lecentre,dc=net" scope=2 filter="(&(uid=stool)(objectClass=posixAccount))"
Jul 14 15:09:45 diamond slapd[24529]: conn=13 op=2 SEARCH RESULT tag=101 err=0 text=
Jul 14 15:09:57 diamond slapd[24529]: conn=13 op=3 UNBIND

So, why ?
Prune
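
Added example (not part of the original thread, and not proftpd or OpenLDAP code): a small parser for slapd connection logs in the format quoted above. It reports, per connection, whether a named DN was ever bound successfully or whether the client only searched anonymously. The function name, verdict labels and the conn=14/conn=15 lines are constructed for illustration.

```python
import re

# Constructed sample. conn=13 mirrors the lines quoted in the post (re-joined);
# conn=14 and conn=15 are invented for contrast.
U = "uid=stool,ou=users,ou=lecentre.net,dc=lecentre,dc=net"
B = "ou=users,ou=lecentre.net,dc=lecentre,dc=net"
P = "Jul 14 15:09:45 diamond slapd[24529]: "
SAMPLE_LOG = "\n".join(P + s for s in [
    'conn=13 op=0 BIND dn="" method=128',
    'conn=13 op=0 RESULT tag=97 err=0 text=',
    f'conn=13 op=1 SRCH base="{B}" scope=2 filter="(&(uid=stool)(objectClass=posixAccount))"',
    'conn=13 op=1 SEARCH RESULT tag=101 err=0 text=',
    'conn=13 op=3 UNBIND',
    f'conn=14 op=0 SRCH base="{B}" scope=2 filter="(uid=stool)"',
    f'conn=14 op=1 BIND dn="{U}" method=128',
    'conn=14 op=1 RESULT tag=97 err=0 text=',
    f'conn=15 op=0 BIND dn="{U}" method=128',
    'conn=15 op=0 RESULT tag=97 err=49 text=',
])

OP = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|RESULT)\b(.*)')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'tag=97 err=(\d+)')  # tag=97 is the LDAP bind response

def classify(log_text):
    """Map each conn id to how (or whether) a named DN was authenticated."""
    binds, searched = {}, set()
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue  # SEARCH RESULT, UNBIND and unrelated lines
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4]
        binds.setdefault(conn, {})
        if verb == "SRCH":
            searched.add(conn)
        elif verb == "BIND" and DN.search(rest):
            binds[conn][op] = [DN.search(rest)[1], None]  # [dn, result code]
        elif verb == "RESULT" and op in binds[conn] and ERR.search(rest):
            binds[conn][op][1] = int(ERR.search(rest)[1])
    verdicts = {}
    for conn, ops in binds.items():
        named = [(dn, err) for dn, err in ops.values() if dn]  # dn="" is anonymous
        if any(err == 0 for _, err in named):
            verdicts[conn] = "user-bind-ok"
        elif named:
            verdicts[conn] = "user-bind-not-confirmed"  # error, or no RESULT seen
        else:
            verdicts[conn] = "anonymous-search-only" if conn in searched else "no-auth-activity"
    return verdicts
```

On the sample, conn=13 is classified as anonymous-search-only: the connection never issues a BIND with a non-empty dn.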