[Fwd: about your ldap plugins for proftpd]
- To: openldap software list <openldap-software@OpenLDAP.org>
- Subject: [Fwd: about your ldap plugins for proftpd]
- From: Prune <prune@lecentre.net>
- Date: Tue, 17 Jul 2001 09:22:37 +0200
- Organization: Lecentre
- User-agent: Mozilla/5.0 (X11; U; Linux 2.4.3-20mdksmp i686; en-US; m18) Gecko/20010131 Netscape6/6.01
Hi,
I had no answer from the author of the mod_ldap, so I forward this mail
here...
Behind this mail, my question (for LDAP app developers) is:
Is it a good thing to directly bind as a user or is it better to bind as
manager (or privileged user), get the full DN for a user and then bind
again as this user...?
Thanks
Prune
Hi,
I mailed the OpenLDAP mailing list and went through the ProFTPD archives
about how to use your plugins.
The only thing I found was "go through the code it's very simple :)"
In fact I don't have time, so I'll ask you directly, the author :)
Maybe you'll have some time for me :)
So, my problem is that I haven't yet found how to make proftpd bind to ldap
as the requested user, and not as the manager.
If I define an LDAPDNInfo (and LDAPAuthBinds on), the first bind and
retrieval of user info is made as cn=manager.
The problem is I have to put the password of the manager in the conf.
A better solution (I think, maybe I'm wrong, tell me) would be to bind as
the wanted ftp user (the user you log in to ftp as).
The bind should then try to bind a dn like :
dn= "uid=prune, ou=users, ou=lecentre.net, dc=lecentre, dc=net"
when I do a "ncftp -u prune ftp.lecentre.net"
and use the userPassword attribute as the password for the bind.
But, I haven't been able to do it, so far.
I'll just copy my Ldap access conf, so maybe you'll be able to give me
the good LDAP directives to use, and the good ACL to set in LDAP
Thanks in advance,
Prune
Ldap ACLs :
access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net" attrs=uid
    by dn="cn=manager,dc=lecentre,dc=net" write
    by self read
    by anonymous search

# access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net"
access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net"
    by dn="cn=manager,dc=lecentre,dc=net" write
    by self write
    by anonymous search
    by * none

# The admin dn has full write access
access to *
    by dn="cn=manager,dc=lecentre,dc=net" write
    by * read
Proftpd conf file :
LDAPServer localhost
LDAPAuthBinds on
LDAPDNInfo cn=manager,dc=lecentre,dc=net password
#LDAPPrefix "dc=lecentre,dc=net"
# LDAPDoAuth on "ou=users,ou=lecentre.net,dc=lecentre,dc=net"
--
- le Centre -
a Mad Cow Tribe product
(Very uncommon, but we should please everybody anyway, even disturbed minds)
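The two approaches asked about in the message above, sketched side by side as an added example (not part of the original mail and not mod_ldap's code). The directory is a constructed in-memory stand-in for slapd, the second user and both passwords are made up, and all function names are hypothetical.

```python
import re

# Constructed sample directory (DN -> userPassword); real servers store hashes.
DIRECTORY = {
    "uid=prune,ou=users,ou=lecentre.net,dc=lecentre,dc=net": "s3cret",
    "uid=alice,ou=users,ou=example.org,dc=lecentre,dc=net": "hunter2",
}

def escape_dn_value(value):
    """Escape a value for use inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch == "\x00":
            out.append("\\00")
        else:
            out.append("\\" + ch if edge or ch in ',+"\\<>;=' else ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def search_uid(flt):
    """Toy evaluator for a (uid=...) filter over DIRECTORY; a bare '*' is a wildcard."""
    value = re.fullmatch(r"\(uid=(.*)\)", flt).group(1)
    unhex = lambda s: re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
    pattern = ".*".join(re.escape(unhex(part)) for part in value.split("*"))
    return [dn for dn in DIRECTORY if re.fullmatch(pattern, dn.split(",")[0][4:])]

def simple_bind(dn, password):
    """Stand-in for an LDAP simple bind. An empty password would be an unauthenticated
    bind (RFC 4513, 5.1.2) that some servers treat as anonymous, so refuse it."""
    return bool(password) and DIRECTORY.get(dn) == password

def auth_direct(username, password,
                template="uid=%s,ou=users,ou=lecentre.net,dc=lecentre,dc=net"):
    """Option 1: build the DN from the login name and bind as it."""
    return simple_bind(template % escape_dn_value(username), password)

def auth_search_then_bind(username, password):
    """Option 2: look the DN up first (the search identity needs only search
    rights on uid), then bind as the DN found, requiring exactly one match."""
    hits = search_uid("(uid=%s)" % escape_filter_value(username))
    return len(hits) == 1 and simple_bind(hits[0], password)
```

The direct bind needs no stored credential but only works while every user sits under the one DN template; the search step copes with the several ou=... branches the ACLs allow for, and it does not have to run as cn=manager.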