Hi,
I am trying to configure ProFTPd 1.2.10 on CentOS 4.4 so that
it will authenticate using pam_ldap with an alternate configuration
file via config=/etc/ldap-ftp.conf so that I can set a different base
dn than that used by the Unix logins. But despite whatever combinations
I have tried (and I've tried scores) it appears to still always use the
base dn in /etc/ldap.conf. I've yet to find a way to prove whether or
not PAM is even looking at the alternate config file. But I never see
a request in my LDAP server (Fedora DS 1.0.4) for that base dn.

My proftpd.conf looks like this.

DebugLevel 9
SyslogFacility LOCAL5
AuthPAMConfig proftpd
PersistentPasswd off

* Note - for testing purposes, I put a non-existent file name in the
AuthPAMConfig directive and ProFTPd never complains about it. But if
I put intentional bad PAM directives in the existing file, PAM does
in fact gripe.

I am using this stripped down basic /etc/pam.d/proftpd file.

#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so config=/etc/ldap-ftp.conf
auth required /lib/security/pam_pwdb.so shadow nullok
account sufficient /lib/security/pam_ldap.so config=/etc/ldap-ftp.conf
account required /lib/security/pam_pwdb.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077

Of course debug isn't supported for pam_ldap so that's no help.
And I cannot use mod_ldap as shadowAccount expiry isn't supported. Any
pointers on resolving this or at least how to get better debug info?

Thanks.

--
- Kyle
---------------------------------------------
kylet@panix.com http://www.panix.com/~kylet
---------------------------------------------

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?p...rge&CID=DEVDEV
_______________________________________________
ProFTPD Users List
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html