
[Fwd: about your ldap plugins for proftpd]




Hi,

I had no answer from the author of the mod_ldap, so I forward this mail here...

Behind this mail, my question (for LDAP apps developers) is:
Is it a good thing to directly bind as a user, or is it better to bind as a manager (or privileged user), get the full DN for a user and then bind again as this user...?


Thanks

Prune

Hi,

I mailed the OpenLDAP mailing list and went through the ProFTPD archives about how to use your plugins.
The only thing I found was "go through the code, it's very simple :)"


In fact I don't have time, so I'll ask you directly, the author :)
Maybe you'll have some time for me :)

So, my problem is that I haven't yet found how to make proftpd bind to LDAP as the requested user, and not as the manager.

If I define an LDAPDNInfo (and LDAPAuthBinds on), the first bind and retrieval of user info is made as cn=manager.
The problem is that I have to put the manager's password in the conf.


A better solution (I think; maybe I'm wrong, tell me) would be to bind as the requested FTP user (the user you log in to FTP as).
The bind should then try to bind as a DN like:
dn= "uid=prune, ou=users, ou=lecentre.net, dc=lecentre, dc=net"
when I do a "ncftp -u prune ftp.lecentre.net"
and use the userPassword attribute as the password for the bind.


But, I haven't been able to do it, so far.

I'll just copy my LDAP access conf, so maybe you'll be able to give me the right LDAP directives to use, and the right ACL to set in LDAP.

Thanks in advance,

Prune



LDAP ACLs:

access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net" attrs=uid
      by dn="cn=manager,dc=lecentre,dc=net" write
      by self read
      by anonymous search

# access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net"
access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net"
      by dn="cn=manager,dc=lecentre,dc=net" write
      by self write
      by anonymous search
      by * none

# The admin dn has full write access
access to *
      by dn="cn=manager,dc=lecentre,dc=net" write
      by * read



ProFTPD conf file:
LDAPServer localhost
LDAPAuthBinds on
LDAPDNInfo cn=manager,dc=lecentre,dc=net password
#LDAPPrefix "dc=lecentre,dc=net"
# LDAPDoAuth on "ou=users,ou=lecentre.net,dc=lecentre,dc=net"



--
- le Centre - a Mad Cow Tribe product


(Very uncommon, but we should please everybody anyway, even disturbed minds)


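Added example, not part of this thread nor of mod_ldap: a stdlib-only Python sketch of the two strategies the question asks about, a direct bind with a templated DN versus search-then-bind, run against a constructed in-memory directory that stands in for slapd. The entry for "bob", the second OU and all passwords are assumptions; the ACL semantics follow the access rules posted above.

```python
# Constructed stand-in for the slapd directory: two users in different OUs,
# which is exactly what the "ou=.*" in the posted ACL allows. Hypothetical data.
DIRECTORY = {
    "uid=prune,ou=users,ou=lecentre.net,dc=lecentre,dc=net":
        {"uid": "prune", "userPassword": "s3cret"},
    "uid=bob,ou=users,ou=other.example,dc=lecentre,dc=net":
        {"uid": "bob", "userPassword": "hunter2"},
}


def ldap_simple_bind(dn, password):
    """Simulated simple bind as `dn` with `password`.

    The application must refuse an empty password itself: on a real server a
    DN plus empty password is an *unauthenticated* bind (RFC 4513 s5.1.2) that
    returns success without checking any credential."""
    if not password:
        return False
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["userPassword"] == password


def ldap_search_uid(uid):
    """Simulated anonymous search for (uid=<uid>) under dc=lecentre,dc=net.

    The posted ACL grants 'by anonymous search' on attrs=uid, so this step
    needs no manager credentials in the proftpd config. In real code the
    value must be filter-escaped before it is placed in the search filter."""
    return [dn for dn, e in DIRECTORY.items() if e["uid"] == uid]


def auth_direct_bind(user, password,
                     template="uid={user},ou=users,ou=lecentre.net,dc=lecentre,dc=net"):
    """Strategy A: build the DN from a fixed template and bind as it.

    No stored credentials, but it only works when every user's DN follows the
    template, and `user` must be DN-escaped before formatting in real code."""
    return ldap_simple_bind(template.format(user=user), password)


def auth_search_then_bind(user, password):
    """Strategy B: resolve uid -> DN by searching, then bind as that DN.

    Works for users in any OU; refuses unknown or ambiguous uids rather than
    guessing, and refuses the empty-password (unauthenticated bind) case."""
    if not password:
        return False
    dns = ldap_search_uid(user)
    if len(dns) != 1:
        return False
    return ldap_simple_bind(dns[0], password)
```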