I am trying to configure ProFTPd 1.2.10 on CentOS 4.4 so that
it will authenticate using pam_ldap with an alternate configuration
file via config=/etc/ldap-ftp.conf so that I can set a different base
dn than that used by the Unix logins. But despite whatever combinations
I have tried (and I've tried scores) it appears to still always use the
base dn in /etc/ldap.conf. I've yet to find a way to prove whether or
not PAM is even looking at the alternate config file. But I never see
a request in my LDAP server (Fedora DS 1.0.4) for that base dn.

My proftpd.conf looks like this.

DebugLevel 9
SyslogFacility LOCAL5
AuthPAMConfig proftpd
PersistentPasswd off

* Note - for testing purposes, I put a non-existent file name in the
AuthPAMConfig directive and ProFTPd never complains about it. But if
I put intentional bad PAM directives in the existing file, PAM does
in fact gripe.

I am using this stripped down basic /etc/pam.d/proftpd file.

auth sufficient /lib/security/pam_ldap.so config=/etc/ldap-ftp.conf
auth required /lib/security/pam_pwdb.so shadow nullok
account sufficient /lib/security/pam_ldap.so config=/etc/ldap-ftp.conf
account required /lib/security/pam_pwdb.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077

Of course debug isn't supported for pam_ldap so that's no help.
And I cannot use mod_ldap as shadowAccount expiry isn't supported. Any
pointers on resolving this or at least how to get better debug info?


- Kyle
kylet@panix.com http://www.panix.com/~kylet

Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
ProFTPD Users List
Unsubscribe problems?