In article <[EMAIL PROTECTED]> you write:
>Today I compiled ProFTPd with support for mod_ldap
>(authenticating against OpenLDAP). I set up proftpd.conf
>as per the documentation and authentication was still
>failing. After examining the log files for ProFTPd,
>I noticed that it was attempting to look up various
>attributes in the LDAP server after entering a username
>but before entering a password. It was attempting to
>get the value of the "userPassword" attribute, which my
>ACLs didn't allow. After changing OpenLDAP's ACLs to
>the following, user authentication worked:

What I've done for LDAP and proftpd was just use the already-functional
PAM support and not added mod_ldap. Then my /etc/pam.d/proftpd looks like

==================================================
#%PAM-1.0
auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       sufficient   pam_ldap.so
auth       required     pam_unix.so nullok
# This is disabled because anonymous logins will fail otherwise,
# unless you give the 'ftp' user a valid shell, or /bin/false and add
# /bin/false to /etc/shells.
#auth       required     pam_shells.so
account    sufficient   pam_ldap.so
account    required     pam_unix.so
session    sufficient   pam_ldap.so
session    required     pam_unix.so
==================================================

and then added the line

PersistentPasswd off

to /etc/proftpd.conf, which took a while (and some help from the
developers) to work out. Now it all works fine for me.

-- 
Steve McIntyre, Cambridge, UK.                    [EMAIL PROTECTED]
"They say that you play Cambridge twice - once on the way up and once on
the way down. It's nice to be back..." --- Armstrong & Miller
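
Added example, not part of the message above and not ProFTPD or Linux-PAM code: a small evaluator for the required/requisite/sufficient control flags, run over the auth stack quoted in the message, showing that the /etc/ftpusers deny check only holds because it sits above the "sufficient" pam_ldap.so line. The function names, the reordered stack and the per-module outcomes are constructed for illustration.

```python
# Constructed copy of the active lines of the /etc/pam.d/proftpd quoted above.
PAM_CONF = """\
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth sufficient pam_ldap.so
auth required pam_unix.so nullok
#auth required pam_shells.so
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so
"""

def parse_stack(conf, facility):
    """Return [(control, module)] for one facility; comment lines never match."""
    stack = []
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, outcome):
    """Simplified Linux-PAM control-flag rules; outcome maps module -> bool."""
    failed = succeeded = False
    for control, module in stack:
        ok = outcome[module]
        if control == "requisite" and not ok:
            return False              # requisite failure ends the stack at once
        if control in ("required", "requisite"):
            succeeded, failed = succeeded or ok, failed or not ok
        elif control == "sufficient" and ok and not failed:
            return True               # later modules are never called
    return succeeded and not failed   # a failed "sufficient" module is ignored

AUTH = parse_stack(PAM_CONF, "auth")
# Hypothetical reordering: pam_ldap.so moved above the /etc/ftpusers check.
LDAP_FIRST = [AUTH[1], AUTH[0], AUTH[2]]

# Constructed module outcomes for three kinds of login attempt.
LDAP_USER = {"pam_listfile.so": True, "pam_ldap.so": True, "pam_unix.so": False}
LOCAL_USER = {"pam_listfile.so": True, "pam_ldap.so": False, "pam_unix.so": True}
DENIED_LDAP_USER = {"pam_listfile.so": False, "pam_ldap.so": True, "pam_unix.so": False}

if __name__ == "__main__":
    for name, o in [("ldap", LDAP_USER), ("local", LOCAL_USER), ("denied", DENIED_LDAP_USER)]:
        print(name, "as posted:", evaluate(AUTH, o), "ldap first:", evaluate(LDAP_FIRST, o))
```

With the stack as posted, an account listed in /etc/ftpusers is refused even when its LDAP password is correct; with pam_ldap.so first, the same login would succeed before pam_listfile.so is consulted.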