Configure ProFTPd to use LDAP-Authentication

From Univention Wiki

Redirect page
Jump to: navigation, search

Redirect to:

Produktlogo UCS Version 3.0

To allow all users of a domain to authenticate to use an FTP-Server with their usual login the packet ProFTPd can be configured to use the LDAP backend. This allows the usage in a same user same password fashion.

Installation

ProFTPd can be installed using the the univention-ftp meta paket: 

univention-install univention-ftp

Configuration

First the LDAP module of ProFTPd needs to be enabled. Therefore the line 

LoadModule mod_ldap.c

has to be uncommented in the configuration file: 

/etc/proftpd/modules.conf

Further in the file 

/etc/proftpd/proftpd.conf

the folowing line has to be uncommented 

Include /etc/proftpd/ldap.conf

Next a simple authentication account should be created using the UDM. This account can then be used for an authenticated bind. To find the DN of the account issue the following command on the command line: 

udm users/user list --filter name=<NAME of the account> | grep DN

In the LDAP configuration file 

/etc/proftpd/ldap.conf

use the following settings inside the 

<IfModule mod_ldap.c>

tags: 

LDAPServer ldap://<fqdn of the DC master>
LDAPDNInfo "<DN of the authentication account>" "<Password of the authentication account>"
LDAPDoAuth on "dc=users,<base domain>"
LDAPUseTLS on
Retrieved from "https://wiki.univention.de/index.php?title=Configure_ProFTPd_to_use_LDAP-Authentication&oldid=13258"
Personal tools