[Proftpd-user] Is there anyone who runs proftpd, - proftpd


  1. [Proftpd-user] Is there anyone who runs proftpd,

    Hi,
    I want to run a proftpd which authenticates to LDAP over SSL (ldaps://)
    and also encode the ftp-transmission.

    I have a general question.

    Is there anyone who runs this constellation successfully?

    The secure ftp-transmission isn't the problem. I want to know if mod_ldap to
    ldaps:// works and if it works, how it works.

    I read the documentation of proftpd and mod_ldap, searched the web, tested
    it for myself and I got no solution. I don't want to use PAM (which worked).


    I appreciate every kind of idea. I would publish that in the official
    Forum or somewhere else in a place easy to find, because there are some
    other people who are interested in this topic, too. They also got no solution
    so far.

    Please correct me and help me if I'm wrong or only not able to find
    something helpful about this topic.

    Thank you for every answer
    Adrian

    --
    Have you tried to turn it off and on again?




  2. LDAP + SSL (LDAPServer 1.2.3.4:636) Do you have a solution?

    Hello,

    I have the same problem/question as you. Have you found a solution?

    I have a problem configuring ProFTP to use LDAP over SSL (i.e. ldaps on port 636).

    In short:
    • ProFTP without TLS (TLSEngine off) DOES authenticate with LDAP without SSL (LDAPServer 1.2.3.4:389)
    • ProFTP with TLS (TLSEngine on, path to the ftp-ssl certificates) DOES authenticate with LDAP without SSL (LDAPServer 1.2.3.4:389)
    • ProFTP with TLS (TLSEngine on, path to the ftp-ssl certificates) DOES NOT authenticate with LDAP with SSL (LDAPUseTLS on; LDAPServer 1.2.3.4:636)


    If I look in the logs I see that the ProFTP Server connects to the LDAP server on the correct port, the LDAP server accepts the connection but the TLS fails!

    In principle for me it is obvious because in the ProFTP configuration I do give the path to the FTP-SSL certificates and keys but I do not input any path for the LDAP-SSL certificates and keys, i.e. in my opinion it cannot work like this.

    So my question is how to make it work? As I have said in my opinion the key point is to be able to set the path where the ProFTP server finds the certificates for the LDAP server.

    I do not find any hint whatsoever in the net.


    The steps I have done:

    LDAP Server:
    • The LDAP Server IP (say) 1.2.3.4
    • The LDAP Server listens to port 636 (ldaps) and port (ldap).
    • I have created a certificate for the LDAP server (slapd.pem, slapd.key)
    • The LDAP server itself is fully functioning on both ldap and ldaps (for example ldaps with apache ok)


    ProFTP Server:

    • The LDAP Server IP (say) 5.6.7.8
    • I have created a certificate for the ProFTP server (ftp2.pem, ftp2.key)
    • I have copied locally the certificates of the LDAP server (slapd.pem, slapd.key)
    • This is the ProFTP configuration (mod_tls and mod_ldap parts)

    Code:
    
    TLSEngine                       on
    TLSLog                          /ftp2/logs/tls.log
    TLSProtocol                     SSLv23
    TLSOptions                      NoCertRequest
    TLSRSACertificateFile           /ftp2/conf/ssl_certs/ftp2.pem
    TLSRSACertificateKeyFile        /ftp2/conf/ssl_certs/ftp2.key
    TLSCACertificateFile            /ftp2/conf/ssl_certs/ftp2.pem
    TLSVerifyClient                 off
    TLSRequired                     on
    TLSRenegotiate                  required off
    
    
    
    #LDAPServer    1.2.3.4:389
    
    LDAPUseTLS  on
    LDAPServer    1.2.3.4:636
    
    LDAPDoAuth     on "ou=bbb,dc=aaa,dc=de" "(&(uid=%v)(objectclass=posixAccount))"
    
    LDAPDNInfo "uid=1234,dc=aaa,dc=de" root
    
    ## Require that an incoming user can successfully bind to the LDAPServer.
    LDAPAuthBinds     on
    
    LDAPDoUIDLookups   on "ou=bbb,dc=aaa,dc=de"
    
    LDAPSearchScope subtree
    
    

    Both LDAP server and ProFTP (proftp-ldap) server are debian.

    Please Help.

    Thanks.
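
The following diagnostic is an added example, not part of either post and not ProFTPD code. It assumes that `LDAPUseTLS on` makes mod_ldap upgrade the connection with the LDAP StartTLS extended operation, and it shows how a listener answers that cleartext request, which separates a StartTLS-capable port from one that expects TLS from the first byte (the usual ldaps setup on 636). All function names and result labels are hypothetical.

```python
import socket
import sys

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def tlv(tag, value):
    """BER-encode one element (short-form length is enough for this request)."""
    return bytes([tag, len(value)]) + value

def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }"""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def classify_reply(data):
    """Say what kind of listener answered a cleartext StartTLS request."""
    if not data:
        return "closed"        # peer hung up without answering
    if data[0] in (0x15, 0x16) and data[1:2] == b"\x03":
        return "implicit-tls"  # a TLS record came back: port expects TLS from byte 0
    try:
        tag, msg, _ = read_tlv(data, 0)            # LDAPMessage SEQUENCE
        _, _, pos = read_tlv(msg, 0)               # messageID
        op, body, _ = read_tlv(msg, pos)           # protocolOp
        if tag == 0x30 and op == 0x78:             # ExtendedResponse [APPLICATION 24]
            _, result_code, _ = read_tlv(body, 0)  # resultCode ENUMERATED
            return "starttls-ok" if result_code == b"\x00" else "starttls-refused"
    except IndexError:
        pass                   # truncated or non-BER data
    return "unknown"

def probe(host, port, timeout=5.0):
    """Send the StartTLS request in cleartext and classify the first reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())
        try:
            return classify_reply(sock.recv(4096))
        except ConnectionResetError:
            return "closed"
        except socket.timeout:
            return "no-reply"

if __name__ == "__main__":  # usage: python3 probe.py <ldap-host> <port>
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A result of `starttls-ok` means the port accepts the StartTLS upgrade; `implicit-tls` or `closed` means the listener wants a TLS handshake before any LDAP message, which is what an ldaps:// client sends.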
