- # LDAP authentication for proftpd, using posixGroups, as used by default within the kolab collaboration server (kolab.org)
- # FTP groups live in the subtree ou=FTPGroups,ou=Groups,dc=domain,dc=com
- # Author: Henning Hollermann
- # Website: laclaro.wordpress.com
- # License: GPLv3
- <IfModule mod_ldap.c>
- # We do not use LDAP TLS here (do not comment out this line!).
- # NOTE(review): the LDAP traffic is unencrypted. That stays on the loopback interface only as long as
- # LDAPServer is 127.0.0.1; because LDAPAuthBinds is on, each login's password is sent to the directory
- # in the bind request, so TLS should be enabled if the directory is ever moved to another host.
- LDAPUseTLS no
- # we use traditional LDAP; AuthPAM off disables PAM authentication
- AuthPAM off
- LDAPSearchScope subtree
- LDAPServer "127.0.0.1"
- # authenticate by binding to the directory as the user instead of reading the stored password
- LDAPAuthBinds on
- # this user should only be allowed to search the LDAP tree for cn (no access to UserPassword here!)
- # The second argument is the bind password, stored here in clear text: keep this file readable
- # only by root / the proftpd service account and replace the sample value.
- LDAPBindDN "uid=kolab-service,ou=Special Users,dc=domain,dc=com" master
- # We do not fetch uid and gid from LDAP, so proftpd falls back to these values.
- # They do not have to be present in /etc/group and /etc/passwd,
- # but access has to be guaranteed at least by the ACL.
- # NOTE(review): if every FTP user ends up with this same UID/GID, filesystem permissions do not
- # separate users from each other; presumably a chroot (DefaultRoot) elsewhere does - confirm.
- LDAPDefaultUID 65534
- LDAPDefaultGID 10000
- # NOTE(review): with LDAPAuthBinds on the directory server checks the password, so this scheme
- # should only matter if binds are turned off; MD5 is a weak fallback - confirm it is needed.
- LDAPDefaultAuthScheme MD5
- # all users in ou=People that are kolabinetorgperson entries are allowed to log in
- # NOTE(review): %u is the login name supplied by the client; confirm that the mod_ldap version
- # in use escapes LDAP filter metacharacters before substituting it into these filters.
- LDAPUsers ou=People,dc=domain,dc=com "(&(uid=%u)(objectClass=kolabinetorgperson))"
- # groups have to be posixgroups with a gid number within ou=FTPGroups,ou=Groups
- # first filter: group cn, second filter: group id, third filter: member uid
- LDAPGroups ou=FTPGroups,ou=Groups,dc=domain,dc=com "(&(cn=%u)(objectClass=groupOfUniqueNames)(objectclass=posixgroup))" "(&(gidNumber=%u)(objectClass=groupOfUniqueNames)(objectclass=posixgroup))" "(&(uniqueMember=uid=%u,ou=People,dc=domain,dc=com)(objectClass=groupOfUniqueNames)(objectclass=posixgroup))"
- # create the home directory if it does not exist
- # the prefix directory has to be writable by the proftpd user
- # the home directory is always the generated one under this prefix, not a value stored in LDAP
- LDAPGenerateHomedirPrefix "/var/ftp/home/"
- LDAPGenerateHomedir on
- LDAPForceGeneratedHomedir on
- </IfModule>