Difference between revisions of "Configure ProFTPd to use LDAP-Authentication"

From Univention Wiki

Jump to: navigation, search
 
Line 1: Line 1:
#REDIRECT [[Cool Solutions - Install ProFTP and setup ldap authentication]]
+
#REDIRECT [[Cool Solution - Install ProFTP and setup ldap authentication]]
  
 
{{Version|UCS=3.0}}
 
{{Version|UCS=3.0}}

Latest revision as of 15:15, 8 September 2017

Produktlogo UCS Version 3.0

To allow all users of a domain to authenticate to use an FTP-Server with their usual login the packet ProFTPd can be configured to use the LDAP backend. This allows the usage in a same user same password fashion.

Installation

ProFTPd can be installed using the the univention-ftp meta paket:

univention-install univention-ftp

Configuration

First the LDAP module of ProFTPd needs to be enabled. Therefore the line

LoadModule mod_ldap.c

has to be uncommented in the configuration file:

/etc/proftpd/modules.conf

Further in the file

/etc/proftpd/proftpd.conf

the folowing line has to be uncommented

Include /etc/proftpd/ldap.conf

Next a simple authentication account should be created using the UDM. This account can then be used for an authenticated bind. To find the DN of the account issue the following command on the command line:

udm users/user list --filter name=<NAME of the account> | grep DN

In the LDAP configuration file

/etc/proftpd/ldap.conf

use the following settings inside the

<IfModule mod_ldap.c>

tags:

LDAPServer ldap://<fqdn of the DC master>
LDAPDNInfo "<DN of the authentication account>" "<Password of the authentication account>"
LDAPDoAuth on "dc=users,<base domain>"
LDAPUseTLS on
Personal tools