Configure ProFTPd to use LDAP-Authentication
From Univention Wiki
Redirect page
To allow all users of a domain to authenticate to use an FTP-Server with their usual login the packet ProFTPd can be configured to use the LDAP backend. This allows the usage in a same user same password fashion.
Installation
ProFTPd can be installed using the the univention-ftp meta paket:
univention-install univention-ftp
Configuration
First the LDAP module of ProFTPd needs to be enabled. Therefore the line
LoadModule mod_ldap.c
has to be uncommented in the configuration file:
/etc/proftpd/modules.conf
Further in the file
/etc/proftpd/proftpd.conf
the folowing line has to be uncommented
Include /etc/proftpd/ldap.conf
Next a simple authentication account should be created using the UDM. This account can then be used for an authenticated bind. To find the DN of the account issue the following command on the command line:
udm users/user list --filter name=<NAME of the account> | grep DN
In the LDAP configuration file
/etc/proftpd/ldap.conf
use the following settings inside the
<IfModule mod_ldap.c>
tags:
LDAPServer ldap://<fqdn of the DC master> LDAPDNInfo "<DN of the authentication account>" "<Password of the authentication account>" LDAPDoAuth on "dc=users,<base domain>" LDAPUseTLS on