ProFTPd FTP Server: Authenticating Against an LDAP Server

Test environment
LDAP Server IP: 192.168.1.20
FTP Server: 192.168.1.9

1. Install the proftpd and proftpd-ldap packages
# yum install proftpd proftpd-ldap --enablerepo=epel
2. Edit the ProFTPd configuration file
# vim /etc/proftpd.conf
SystemLog                       /var/log/proftpd/proftpd.log
PassivePorts                    60000   61000

# Use pam to authenticate (default) and be authoritative
#AuthPAMConfig                  proftpd
AuthOrder                       mod_ldap.c
#AuthOrder                      mod_auth_pam.c* mod_auth_unix.c
LoadModule mod_ldap.c
<IfModule mod_ldap.c>
LDAPServer 192.168.1.20
LDAPDNInfo "cn=Manager,dc=ldap,dc=tces.ilc.edu.tw" "123456"
##LDAPDoUIDLookups on "ou=Student,dc=ldap,dc=tces.ilc.edu.tw"
##LDAPDoGIDLookups on "ou=groups,dc=ldap,dc=tces.ilc.edu.tw"
LDAPDoAuth on "ou=Student,dc=ldap,dc=tces.ilc.edu.tw" "(&(uid=%v)(objectclass=posixAccount))"
LDAPSearchScope subtree

## Assign default IDs
LDAPDefaultUID 500
LDAPDefaultGID 500

## Create the home directory
LDAPGenerateHomedir on
LDAPGenerateHomedirPrefix /home/s0990
LDAPForceGeneratedHomedir on
CreateHome on

## Use different attribute names where necessary
#LDAPAttr uid sAMAccountName
#LDAPAttr gidNumber primaryGroupID
</IfModule>

3. Restart the ProFTPd FTP Server
# service proftpd restart
Shutting down proftpd:                                     [  OK  ]
Starting proftpd:                                          [  OK  ]

The test account s0990999 on the LDAP Server
# /usr/bin/ldapsearch -x -b "ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw" uid=s0990999
# extended LDIF
#
# LDAPv3
# base <ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw> with scope subtree
# filter: uid=s0990135
# requesting: ALL
#

# s0990999, s0990, Student, ldap.tces.ilc.edu.tw
dn: uid=s0990999,ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw
uid: s0990999
cn:: 5Zub+gMjHlpbPpfoirPnkak=
sn:: 5Zub+gMjHlpbPpfoirPnkak=
mail: s0990999@tces.ilc.du.tw
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword:: e2
loginShell: /sbin/nologin
uidNumber: 1322
gidNumber: 1073
homeDirectory: /home/s0990/s0990999
gecos:: 5Zub+gMjHlpbPpfoirPnkak=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
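The two pieces the configuration above ties together are the LDAPDoAuth filter template, into which the login name is substituted for %v, and the entry that ldapsearch returns for the account. The following added example (not code from the page or from ProFTPd) models that lookup offline: it escapes the login name per RFC 4515 before substituting it into the page's filter, reads an LDIF entry shaped like the one above (including a "::" base64 attribute), and derives the uid/gid and home directory the FTP server would use under LDAPDefaultUID/GID 500, LDAPGenerateHomedirPrefix /home/s0990 and LDAPForceGeneratedHomedir on. The sample LDIF, the escaping step and the home-directory rule are assumptions made for the example, not a description of mod_ldap internals.

```python
import base64
from typing import Dict, List, Optional

# Constructed sample LDIF (not the page's exact ldapsearch output): one entry shaped like
# the test account above; the base64 cn value is constructed ("test user").
SAMPLE_LDIF = """\
# extended LDIF
#
# s0990999, s0990, Student, ldap.tces.ilc.edu.tw
dn: uid=s0990999,ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw
uid: s0990999
cn:: dGVzdCB1c2Vy
objectClass: inetOrgPerson
objectClass: posixAccount
loginShell: /sbin/nologin
uidNumber: 1322
gidNumber: 1073
homeDirectory: /home/s0990/s0990999

# search result
search: 2
result: 0 Success
"""

# Settings copied from the proftpd.conf on the page.
FILTER_TEMPLATE = "(&(uid=%v)(objectclass=posixAccount))"
DEFAULT_UID = 500
DEFAULT_GID = 500
HOMEDIR_PREFIX = "/home/s0990"
FORCE_GENERATED_HOMEDIR = True

# RFC 4515 escapes for characters that are special inside a filter value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name so it is matched literally inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_auth_filter(username: str, template: str = FILTER_TEMPLATE) -> str:
    """Substitute the (escaped) login name for %v in the LDAPDoAuth filter template."""
    return template.replace("%v", escape_filter_value(username))


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF reader: skips comments, decodes '::' base64 values, returns dn entries."""
    entries, current = [], {}
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if not raw.strip():  # blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, rest = raw.partition(":")
        if rest.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", errors="replace")
        else:
            value = rest.strip()
        current.setdefault(name.strip(), []).append(value)
    if current:
        entries.append(current)
    # "search: 2 / result: 0 Success" also forms a block; keep only real entries.
    return [e for e in entries if "dn" in e]


def resolve_account(entry: Dict[str, List[str]]) -> Dict[str, object]:
    """Derive the ids and home directory the FTP server would use under the page's config."""
    if "posixAccount" not in entry.get("objectClass", []):
        raise ValueError("entry is not a posixAccount; the LDAPDoAuth filter would not match it")
    username = entry["uid"][0]
    uid = int(entry.get("uidNumber", [DEFAULT_UID])[0])  # LDAPDefaultUID fallback
    gid = int(entry.get("gidNumber", [DEFAULT_GID])[0])  # LDAPDefaultGID fallback
    ldap_home = entry.get("homeDirectory", [None])[0]
    generated = f"{HOMEDIR_PREFIX}/{username}"  # LDAPGenerateHomedirPrefix + login name (assumed rule)
    home = generated if FORCE_GENERATED_HOMEDIR or ldap_home is None else ldap_home
    return {"user": username, "uid": uid, "gid": gid, "home": home, "ldap_home": ldap_home}


def lookup(username: str, ldif_text: str = SAMPLE_LDIF) -> Optional[Dict[str, object]]:
    """Offline stand-in for the directory search: apply the filter's uid clause to parsed entries."""
    for entry in parse_ldif(ldif_text):
        if entry.get("uid", [None])[0] == username and "posixAccount" in entry.get("objectClass", []):
            return resolve_account(entry)
    return None


if __name__ == "__main__":
    print(build_auth_filter("s0990999"))
    print(build_auth_filter("s0990999)(uid=*"))  # special characters stay literal, not filter syntax
    print(lookup("s0990999"))
```

Running the block prints the filter the server would send for the test account, the same filter for a login name containing filter metacharacters (which are escaped rather than interpreted), and the resolved account, whose home directory /home/s0990/s0990999 matches the directory that step 5 below shows being created.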

4. Test the connection
# lftp -u s0990999 192.168.1.9
密碼:
lftp s0990999@192.168.1.9:~> ls
-rw-r--r--   1 s0990999 1073        73416 Jan  7 13:06 Pietty.reg
lftp s0990999@192.168.1.9:/>

5. Check that the user's home directory is created automatically
# ls -l /home/s0990
total 4
drwx------. 2 1322 1073 4096 Jan  7 20:53 s0990999

On the FTP Server you can likewise see that the user's home directory was created automatically.