I have the same problem/question as you. Have you found a solution?
I have a problem configuring ProFTP to use LDAP over SSL (i.e. ldaps on port 636).
- ProFTP without TLS (TLSEngine off) DOES authenticate with LDAP without SSL (LDAPServer 220.127.116.11:389)
- ProFTP with TLS (TLSEngine on, path to the ftp-ssl certificates) DOES authenticate with LDAP without SSL (LDAPServer 18.104.22.168:389)
- ProFTP with TLS (TLSEngine on, path to the ftp-ssl certificates) DOES NOT authenticate with LDAP with SSL (LDAPUseTLS on; LDAPServer 22.214.171.124:636)
If I look in the logs I see that the ProFTP Server connects to the LDAP server on the correct port, the LDAP server accepts the connection but the TLS fails!
In principle for me it is obvious because in the ProFTP configuration I do give the path to the FTP-SSL certificates and keys but I do not input any path for the LDAP-SSL certificates and keys i.e. im my opinion it can not work like this.
So my question is how to make it work? As I have said in my opinion the key point is to be able to set the path where the ProFTP server finds the certificates for the LDAP server.
I do not find any hint whatsoever in the net.
The steps I have done:
- The LDAP Server IP (say) 126.96.36.199
- The LDAP Server listens to port 636 (ldaps) and port (ldap).
- I have created a certificate for the LDAP server (slapd.pem, slapd.key)
- The LDAP server itself is fully functioning on both ldap and ldaps (for example ldaps with apache ok)
* The LDAP Server IP (say) 188.8.131.52
* I have created a certificate for the ProFTP server (ftp2.pem, ftp2.key)
* I have copied locally the certificates of the LDAP server (slapd.pem, slapd.key)
* This is the ProFTP configuration (mod_tls and mod_ldap parts)
TLSRenegotiate required off
LDAPDoAuth on "ou=bbb,dc=aaa,dc=de" "(&(uid=%v)(objectclass=posixAccount))"
LDAPDNInfo "uid=1234,dc=aaa,dc=de" root
## Require that an incoming user can successfully bind to the LDAPServer.
LDAPDoUIDLookups on "ou=bbb,dc=aaa,dc=de"
Both LDAP server and ProFTP (proftp-ldap) server are debian.