[Proftpd-user] Is there anyone who runs proftpd,
i want to run a proftpd which authentificates to LDAP over SSL (ldaps://)
and also encode the ftp-transmission.
I have a generel Question.
Is there anyone who runs this constellation succesfully?
The secure ftp-transmission isn't the problem. I want to know if mod_ldap to
ldaps:// works and if it works, how it works.
I read the documentation of proftpd and mod_ldap, searched the web, tested
it for myself and i got no solution. I don't want to use PAM (which worked).
I appreciating every kind of idea. I would publish that in the official
Forum or somewhere else in a place easy to find, because there are some
other people who are intrested in this topic, too. They also get no solution
Please correct me and help me if I'm wrong or only not able to find
something helpful about this topic.
Thank you for every answer
Have you tried to turn it off and on again?
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
ProFTPD Users List <email@example.com>
LDAP + SSL (LDAPServer 188.8.131.52:636) Do you have a solution?
I have the same problem/question as you. Have you found a solution?
I have a problem configuring ProFTP to use LDAP over SSL (i.e. ldaps on port 636).
[LIST][*]ProFTP without TLS (TLSEngine off) DOES authenticate with LDAP without SSL (LDAPServer 184.108.40.206:389) :)[*]ProFTP with TLS (TLSEngine on, path to the ftp-ssl certificates) DOES authenticate with LDAP without SSL (LDAPServer 220.127.116.11:389) :)[*]ProFTP with TLS (TLSEngine on, path to the ftp-ssl certificates) DOES NOT authenticate with LDAP with SSL (LDAPUseTLS on; LDAPServer 18.104.22.168:636) :mad:[/LIST]
If I look in the logs I see that the ProFTP Server connects to the LDAP server on the correct port, the LDAP server accepts the connection but the TLS fails!
In principle for me it is obvious because in the ProFTP configuration I do give the path to the FTP-SSL certificates and keys but I do not input any path for the LDAP-SSL certificates and keys i.e. im my opinion it can not work like this.
So my question is how to make it work? As I have said in my opinion the key point is to be able to set the path where the ProFTP server finds the certificates for the LDAP server.
I do not find any hint whatsoever in the net.
The steps I have done:
LDAP Server:[LIST][*]The LDAP Server IP (say) 22.214.171.124[*]The LDAP Server listens to port 636 (ldaps) and port (ldap).[*]I have created a certificate for the LDAP server (slapd.pem, slapd.key)[*]The LDAP server itself is fully functioning on both ldap and ldaps (for example ldaps with apache ok)[/LIST]
* The LDAP Server IP (say) 126.96.36.199
* I have created a certificate for the ProFTP server (ftp2.pem, ftp2.key)
* I have copied locally the certificates of the LDAP server (slapd.pem, slapd.key)
* This is the ProFTP configuration (mod_tls and mod_ldap parts)
TLSRenegotiate required off
LDAPDoAuth on "ou=bbb,dc=aaa,dc=de" "(&(uid=%v)(objectclass=posixAccount))"
LDAPDNInfo "uid=1234,dc=aaa,dc=de" root
## Require that an incoming user can successfully bind to the LDAPServer.
LDAPDoUIDLookups on "ou=bbb,dc=aaa,dc=de"
Both LDAP server and ProFTP (proftp-ldap) server are debian.