Hey, sounds good. I'll mess with this a bit later and see if I can get it to work. I ended up creating a "cn=proftpd,ou=misc,..." entry to my tree with read access to the userPassword attributes. I didn't want to do it this way but someone suggested it and it *did* work, so...
Anyways, thanks a lot. That sounds like exactly what I was looking for.

j.

--
Jeremy L. Gaddis <[EMAIL PROTECTED]>

-----Original Message-----
From: Steve McIntyre [mailto:[EMAIL PROTECTED]
Sent: Saturday, January 12, 2002 9:27 PM
To: [EMAIL PROTECTED]
Cc: debian-user@lists.debian.org
Subject: Re: ProFTPd + mod_LDAP + OpenLDAP

In article <[EMAIL PROTECTED]> you write:
>Today I compiled ProFTPd with support for mod_ldap
>(authenticating against OpenLDAP). I set up proftpd.conf
>as per the documentation and authentication was still
>failing. After examining the log files for ProFTPd,
>I noticed that it was attempting to lookup various
>attributes in the LDAP server after entering a username
>but before entering a password. It was attempting to
>get the value of the "userPassword" attribute, which my
>ACLs didn't allow. After changing OpenLDAP's ACLs to
>the following, user authentication worked:

What I've done for LDAP and proftpd was just use the already-functional
PAM support and not added mod_ldap. Then my /etc/pam.d/proftpd looks
like

==================================================
#%PAM-1.0
auth       required     pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       sufficient   pam_ldap.so
auth       required     pam_unix.so nullok

# This is disabled because anonymous logins will fail otherwise,
# unless you give the 'ftp' user a valid shell, or /bin/false and add
# /bin/false to /etc/shells.
#auth       required     pam_shells.so
account    sufficient   pam_ldap.so
account    required     pam_unix.so
session    sufficient   pam_ldap.so
session    required     pam_unix.so
==================================================

and then added the line

    PersistentPasswd off

to /etc/proftpd.conf, which took a while (and some help from the
developers) to work out. Now it all works fine for me.

--
Steve McIntyre, Cambridge, UK. [EMAIL PROTECTED]
"They say that you play Cambridge twice - once on the way up and once on the way down. It's nice to be back..." --- Armstrong & Miller
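
How the auth lines of the /etc/pam.d/proftpd file quoted above are evaluated, as an added example that is not part of either message: a simplified Python model of PAM's "required" and "sufficient" controls. The evaluate function, the SCENARIOS table and the per-module outcomes are constructed for illustration; no real PAM module is called.

```python
# Added example: simplified model of the PAM "required" and "sufficient"
# controls. Module outcomes are constructed inputs; no PAM module is called.

AUTH_STACK = [  # auth lines of the /etc/pam.d/proftpd quoted above
    ("required", "pam_listfile.so"),   # sense=deny file=/etc/ftpusers
    ("sufficient", "pam_ldap.so"),
    ("required", "pam_unix.so"),
]

def evaluate(stack, outcomes):
    """Return (granted, modules_consulted) for one login attempt.

    outcomes maps a module name to True (success) or False (failure).
    """
    required_failed = False
    any_success = False
    consulted = []
    for control, module in stack:
        consulted.append(module)
        ok = outcomes[module]
        if control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True   # remembered; later modules still run
        elif control == "sufficient":
            if ok:
                any_success = True
                if not required_failed:
                    return True, consulted   # stop here, skip the rest
            # a failed "sufficient" module is ignored
        else:
            raise ValueError("control not modelled: " + control)
    return any_success and not required_failed, consulted

# Constructed scenarios: (pam_listfile, pam_ldap, pam_unix) results.
SCENARIOS = {
    "LDAP user, correct password": (True, True, False),
    "local-only user, correct password": (True, False, True),
    "user listed in /etc/ftpusers, correct LDAP password": (False, True, False),
    "wrong password everywhere": (True, False, False),
}

if __name__ == "__main__":
    names = [module for _, module in AUTH_STACK]
    for label, results in SCENARIOS.items():
        granted, consulted = evaluate(AUTH_STACK, dict(zip(names, results)))
        print(f"{label}: granted={granted}, consulted={consulted}")
```

A user listed in /etc/ftpusers is still denied with a valid LDAP password, because the earlier "required" failure prevents the "sufficient" success from ending the stack early.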