Hi, I'm having a problem with pure-ftpd-ldap from packages, and I am now out of my wits. Sorry. :(
The problem: After upgrading from 4.4 and 4.5, I cannot log in to any account on any of my FTP servers anymore because the passwords are rejected. Using lftp, I can see this:

$ lftp -d -u testing 192.168.1.10
Password:
lftp test...@192.168.1.10:~> ls
---- Connecting to 192.168.1.10 (192.168.1.10) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 18:08. Server port: 21.
<--- 220-This is a private system - No anonymous login
<--- 220 You will be disconnected after 15 minutes of inactivity.
---> FEAT
<--- 211-Extensions supported:
<--- EPRT
<--- IDLE
<--- MDTM
<--- SIZE
<--- REST STREAM
<--- MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<--- MLSD
<--- AUTH TLS
<--- PBSZ
<--- PROT
<--- UTF8
<--- TVFS
<--- ESTA
<--- PASV
<--- EPSV
<--- SPSV
<--- ESTP
<--- 211 End.
---> AUTH TLS
<--- 234 AUTH TLS OK.
---> OPTS UTF8 ON
Certificate: C=DE,ST=Nordrhein-Westfalen,L=Wiehl,O=Oeko.neT Mueller & Brandt GbR,OU=Technik,CN=*.oeko.net,email=supp...@oeko.net
Issued by: C=DE,ST=Nordrhein-Westfalen,L=Wiehl,O=Oeko.neT Mueller & Brandt GbR,OU=CA,cn...@oeko.net,email...@oeko.net
WARNING: Certificate verification: Not trusted
WARNING: Certificate verification: The certificate's owner does not match hostname '192.168.1.10'
<--- 200 OK, UTF-8 enabled
---> OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;
<--- 200 MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
---> USER testing
<--- 331 User testing OK. Password required
---> PASS XXXX
<--- 530 Login authentication failed
---- Closing control socket
ls: Login failed: 530 Login authentication failed

On the server side, I was unable to make pure-ftpd log specifics, but the OpenLDAP logs show something strange: With debug level 511, the entry is logged in hex, and then:

@400000004b40cc9027ed4a64 ====> cache_return_entry_r( 262 ): returned (0)
@400000004b40cc9027ed5dec send_ldap_result: conn=1 op=1 p=3
@400000004b40cc9027ed6d8c send_ldap_result: err=0 matched="" text=""
@400000004b40cc9027ed8114 send_ldap_response: msgid=2 tag=101 err=0
@400000004b40cc9027ed949c ber_flush: 14 bytes to sd 13
@400000004b40cc9027eda43c 0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
@400000004b40cc9027edb7c4 ldap_write: want=14, written=14
@400000004b40cc9027edcb4c 0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........
@400000004b40cc9027edded4 conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
@400000004b40cc9027edf25c daemon: activity on 1 descriptor
@400000004b40cc9027ee01fc daemon: activity on: 13r
@400000004b40cc9027ee119c daemon: read activity on 13
@400000004b40cc9027ee2524 connection_get(13)
@400000004b40cc9027ee34c4 connection_get(13): got connid=1
@400000004b40cc9027ee484c connection_read(13): checking for input on id=1
@400000004b40cc9027ee57ec ber_get_next
@400000004b40cc9027ee6b74 ldap_read: want=8, got=7
@400000004b40cc9027ee7b14 0000: 30 05 02 01 03 42 00 0....B.
@400000004b40cc9027ee8e9c ber_get_next: tag 0x30 len 5 contents:
@400000004b40cc9027eea224 ber_dump: buf=0x20070cbc0 ptr=0x20070cbc0 end=0x20070cbc5 len=5
@400000004b40cc9027eeb1c4 0000: 02 01 03 42 00 ...B.
@400000004b40cc9027eec54c ber_get_next
@400000004b40cc9027eed4ec ldap_read: want=8, got=0
@400000004b40cc9027eee874
@400000004b40cc9027eef814 ber_get_next on fd 13 failed errno=0 (Undefined error: 0)
@400000004b40cc9027ef26f4 connection_read(13): input error=-2 id=1, closing.
@400000004b40cc9027ef3694 connection_closing: readying conn=1 sd=13 for close
@400000004b40cc9027ef4a1c connection_close: deferring conn=1 sd=13
@400000004b40cc9027ef5da4 daemon: select: listen=8 active_threads=0 tvp=NULL
@400000004b40cc9027ef6d44 daemon: activity on 1 descriptor
@400000004b40cc9027ef80cc daemon: waked
@400000004b40cc9027ef906c daemon: select: listen=8 active_threads=0 tvp=NULL
@400000004b40cc9027efa3f4 do_unbind

I guessed that this is a pure-ftpd problem because using other entries in the same LDAP server for email works like before, without any visible problem. I have completely reloaded the directory, and also used db4.2_recover on it in a vain attempt to get things working. Using Google also didn't turn up useful info so far...

TIA!

--
Kind regards,
--Toni++