
proftpd-kolab-ldap.conf

a guest
Nov 27th, 2014
  1. # LDAP authentication for proftpd, using posixGroups, as used by default within the kolab collaboration server (kolab.org)
  2. # subunit: ou=FTPGroups,ou=Groups,dc=domain,dc=com
  3.  
  4. # Author: Henning Hollermann
  5. # Website: laclaro.wordpress.com
  6. # License: GPLv3
  7.  
  8. <IfModule mod_ldap.c>
  9.    # LDAP traffic is not TLS-protected here (do not comment this line out!).
        # That is only reasonable because LDAPServer below is the loopback address:
        # with LDAPAuthBinds on, each user's FTP password is sent to the directory
        # in the bind request. Enable TLS if the LDAP server ever moves off this host.
  10.    LDAPUseTLS               no
  11.    # PAM authentication is disabled; we use plain LDAP lookups instead
  12.    AuthPAM                  off
  13.    LDAPSearchScope          subtree
  14.    LDAPServer               "127.0.0.1"
         # authenticate by binding to the directory as the user who is logging in
  15.    LDAPAuthBinds            on
  16.    # this user should only be allowed to search the LDAP tree for cn (no access to userPassword here!)
         # NOTE: the second argument to LDAPBindDN is that account's bind password, kept
         # here in clear text. Replace the sample value and make this file readable only
         # by root / the account proftpd starts as.
  17.    LDAPBindDN "uid=kolab-service,ou=Special Users,dc=domain,dc=com" master
  18.    # we do not fetch uid and gid from LDAP, so proftpd falls back to these values.
  19.    # They do not have to be present in /etc/group and /etc/passwd,
  20.    # but access has to be guaranteed at least by the ACL
         # Caveat: every LDAP user is mapped to the same UID/GID, so file-system
         # permissions do not separate one FTP user from another. Confinement to the
         # own home directory has to come from elsewhere (e.g. a DefaultRoot chroot),
         # which is not configured in this snippet.
  21.    LDAPDefaultUID           65534
  22.    LDAPDefaultGID           10000
         # NOTE(review): with LDAPAuthBinds on, the password is verified by the bind, so
         # this scheme should not come into play. It would presumably apply to
         # userPassword values without a {scheme} prefix if LDAPAuthBinds were switched
         # off - MD5 is a weak choice for that case; confirm before relying on it.
  23.    LDAPDefaultAuthScheme    MD5
  24.    # every entry below ou=People with objectClass kolabinetorgperson is allowed to log in
         # (%u is the login name); this snippet does not restrict FTP login by group membership
  25.    LDAPUsers                ou=People,dc=domain,dc=com "(&(uid=%u)(objectClass=kolabinetorgperson))"
  26.    # groups have to be posixgroups with a gidNumber within ou=FTPGroups,ou=Groups
  27.    # first filter: group cn, second filter: group id, third filter: member uid
  28.    LDAPGroups               ou=FTPGroups,ou=Groups,dc=domain,dc=com "(&(cn=%u)(objectClass=groupOfUniqueNames)(objectclass=posixgroup))" "(&(gidNumber=%u)(objectClass=groupOfUniqueNames)(objectclass=posixgroup))" "(&(uniqueMember=uid=%u,ou=People,dc=domain,dc=com)(objectClass=groupOfUniqueNames)(objectclass=posixgroup))"
  29.    # create home directory if it does not exist
  30.    # the dir has to be writable by the proftpd user
         # NOTE(review): these three directives derive the home path as prefix + user
         # name; whether the directory is actually created on login may depend on a
         # separate setting such as CreateHome - confirm on the installed version.
         # LDAPForceGeneratedHomedir on means the generated path is used even when the
         # LDAP entry carries its own homeDirectory value.
  31.    LDAPGenerateHomedirPrefix "/var/ftp/home/"
  32.    LDAPGenerateHomedir on
  33.    LDAPForceGeneratedHomedir on
  34. </IfModule>