- 论坛徽章:
- 0
|
FTP client authenticated against username/passwords in LDAP database. Tested in Debian sarge
VSFTPD
1)enable SSL/PAM on on building vsftpd.
2)/etc/vsftpd.conf
listen=YES
anonymous_enable=NO
write_enable=YES
local_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=NO
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
#following useful values for ftp server behind firewall
pasv_enable=YES
pasv_min_port=50005
pasv_max_port=50010
SSL
Generate selfsinged certificates
openssl req -x509 -new -nodes -out vsftpd.pem -keyout vsftpd.pem -days 365
#copy vsftpd.pem /etc/ssl/certs/
LDAP
1)/etc/ldap/slapd.conf
suffix "dc=sarge,dc=local"
other default value should work
2)/etc/ldap/ldap.conf
host 127.0.0.1
base dc=sarge,dc=local
other default values should work
3)/etc/pam_ldap.conf
host 127.0.0.1
base dc=sarge,dc=local
other default values should work
4)/etc/pam.d/vsftpd
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth sufficient /lib/security/pam_ldap.so
account sufficient /lib/security/pam_ldap.so
5)create test user
#vi importuser
dn: cn=war,dc=sarge, dc=local
cn: war
sn: war
objectclass: top
objectclass: person
objectclass: posixAccount
uid:war
userpassword:pass123
uidnumber:110
gidnumber:110
loginShell:/bin/sh
homeDirectory: /home/war
dn: cn=ldap,dc=sarge, dc=local
objectclass: top
objectclass: posixGroup
cn: ldap
gidnumber: 110
memberuid: war
#ldapadd -x -D "cn=admin,dc=sarge,dc=local" -f importuser -W
Or use ldapbrower/editor GUI tool to edit ldap database |
|
免费注册
发表于 2005-05-11 14:12