ProFTPD autenticando no LDAP

Elton Luís Minetto
13/05/2004

Procedimentos para configurar o servidor de FTP ProFTPD com autenticação no OpenLDAP

Obs: Testado com o proftpd-1.2.9

*Baixar os fontes do proftpd do site:
ftp://ftp.proftpd.org/distrib/source/

*Compilar:
./configure --prefix=/usr/local/proftpd --with-modules=mod_ldap
make
make install

*Arquivo de Configuração /usr/local/proftpd/etc/proftpd.conf:

--------Início proftpd.conf

# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName			"ProFTPD Default Installation"
ServerType			standalone
DefaultServer			on
DeferWelcome                    off

#LDAP
LDAPServer ldap.empresa.com.br
LDAPDNInfo cn=manager,o=empresa
LDAPDoAuth on "ou=People,o=empresa"	

# Port 21 is the standard FTP port.
Port				21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances			30

# Set the user and group under which the server will run.
User				nobody
Group				nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot 	~ !adm

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart            on
AllowStoreRestart               on

# Define the log formats
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"


# Normally, we want files to be overwriteable.
#<Directory />
#  AllowOverwrite		on
#</Directory>
<Global>
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>


# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User				ftp
  Group				ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias			anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients			10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin			welcome.msg
  DisplayFirstChdir		.message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

--------Fim proftpd.conf

*Criar o diretório /home do usuário e dar permissões

*Iniciar servidor 
/usr/local/proftpd/sbin/proftpd