Configure ProFTPd to use LDAP-Authentication

From Univention Wiki

Redirect page
Jump to: navigation, search
Produktlogo UCS Version 3.0

To allow all users of a domain to authenticate to use an FTP-Server with their usual login the packet ProFTPd can be configured to use the LDAP backend. This allows the usage in a same user same password fashion.


ProFTPd can be installed using the the univention-ftp meta paket:

univention-install univention-ftp


First the LDAP module of ProFTPd needs to be enabled. Therefore the line

LoadModule mod_ldap.c

has to be uncommented in the configuration file:


Further in the file


the folowing line has to be uncommented

Include /etc/proftpd/ldap.conf

Next a simple authentication account should be created using the UDM. This account can then be used for an authenticated bind. To find the DN of the account issue the following command on the command line:

udm users/user list --filter name=<NAME of the account> | grep DN

In the LDAP configuration file


use the following settings inside the

<IfModule mod_ldap.c>


LDAPServer ldap://<fqdn of the DC master>
LDAPDNInfo "<DN of the authentication account>" "<Password of the authentication account>"
LDAPDoAuth on "dc=users,<base domain>"
Personal tools