Old 11-16-2013, 08:40 PM   #1
ghost_shadow
LQ Newbie
 
Registered: Nov 2013
Posts: 4

Rep: Reputation: Disabled
Problem with proftpd+ldap auth against apacheDS


Hello people,
I really rarely ask for help, but this has become too much for me. I have a problem with user authentication against an ApacheDS directory on CentOS x86_64.
My conf:
Code:
Linux 2.6.39-400.210.2.el6uek.x86_64 #1
nginx version: nginx/1.4.3
ProFTPD Version 1.3.3g with proftpd-ldap mod installed
I am trying to configure ProFTPD so that I can log in with the already existing users from ApacheDS, locally on the CentOS machine.

When I configure the Cerberus FTP server on the Windows machines, I can see the users properly, but from the Linux shell I could not view them.

When I search with ldapsearch
Code:
~]$ ldapsearch -x -W -D "uid=admin,ou=system" -h 192.168.0.104 -p 10389 -b "ou=users,ou=groups,ou=system" -s sub -LLL "(sSAMAccountName=%u)" -v
(sSAMAccountName or uid, it is the same)

I get the following log:

Code:
ldap_initialize( ldap://192.168.0.104:10389 )
Enter LDAP Password:
filter: (sSAMAccountName=%u)
requesting: All userApplication attributes
but I can't see any user

My configuration:
Code:
/etc/ldap.conf
Code:
<IfModule mod_ldap.c>
#
# This is used for ordinary LDAP connections, with or without TLS
#
LDAPServer ldap://192.168.0.104:10389/??sub
LDAPDNInfo "uid=admin,ou=system", "secret"
LDAPDoAuth on "ou=users,ou=groups,ou=system" (uid=%u)
LDAPDefaultUID 511
LDAPDefaultGID 511
LDAPGenerateHomedir on
LDAPGenerateHomedirPrefix /home/
LDAPAuthBinds on
UseIPv6 off
</IfModule>
Then the following happens:

sudo proftpd -n -d 20
Code:
*- Using TCP receive buffer size of 87380 bytes
*- Using TCP send buffer size of 16384 bytes
*- Testing Unix domain socket using S_ISFIFO
*- Testing Unix domain socket using S_ISSOCK
*- Using S_ISSOCK macro for Unix domain socket detection
*- mod_tls/2.4.2: using OpenSSL 1.0.0-fips 29 Mar 2010
*- Retrieved UID 99 for user 'nobody'
*- Retrieved GID 99 for group 'nobody'
*- Loading 'mod_ldap.c'
*- mod_ldap/2.8.22: compiled using LDAP vendor 'OpenLDAP' LDAP API version 3001
*- <IfDefine>: Skipping 'TLS' section at line 175
*- <IfDefine>: Skipping 'DYNAMIC_BAN_LISTS' section at line 192
*- <IfDefine>: Skipping 'ANONYMOUS_FTP' section at line 225
*- ROOT PRIVS at mod_core.c:304
*- <IfModule>: Using 'mod_ldap.c' section at line 1
*- Disabling runtime support for IPv6 connections
*- RELINQUISH PRIVS at mod_core.c:326
*- UseReverseDNS off, returning IP address instead of DNS name
192.168.0.104 -
192.168.0.104 - Config for ProFTPD server:
192.168.0.104 - ServerIdent
192.168.0.104 - DefaultServer
192.168.0.104 - VRootEngine
192.168.0.104 - DefaultRoot
192.168.0.104 - VRootAlias
192.168.0.104 - AuthPAMConfig
192.168.0.104 - AuthOrder
192.168.0.104 - UserID
192.168.0.104 - UserName
192.168.0.104 - GroupID
192.168.0.104 - GroupName
192.168.0.104 - UseSendfile
192.168.0.104 - LDAPServer
192.168.0.104 - LDAPDNInfo
192.168.0.104 - LDAPDoAuth
192.168.0.104 - LDAPDefaultUID
192.168.0.104 - LDAPDefaultGID
192.168.0.104 - LDAPGenerateHomedir
192.168.0.104 - LDAPGenerateHomedirPrefix
192.168.0.104 - LDAPAuthBinds
192.168.0.104 - Limit
192.168.0.104 - AllowAll
192.168.0.104 - Umask
192.168.0.104 - AllowOverwrite
192.168.0.104 - ROOT PRIVS at mod_delay.c:354
192.168.0.104 - RELINQUISH PRIVS at mod_delay.c:359
192.168.0.104 - ROOT PRIVS at mod_ctrls.c:1139
192.168.0.104 - RELINQUISH PRIVS at mod_ctrls.c:1141
192.168.0.104 - mod_lang/0.9: binding to text domain 'proftpd' using locale path '/usr/share/locale'
192.168.0.104 - mod_lang/0.9: using locale files in '/usr/share/locale'
192.168.0.104 - mod_lang/0.9: added the following supported languages: zh_TW, en_US, ru_RU, bg_BG, zh_CN, fr_FR, ko_KR, ja_JP, it_IT
192.168.0.104 - retrieved group ID: 99
192.168.0.104 - setting group ID: 99
192.168.0.104 - SETUP PRIVS at main.c:3133
192.168.0.104 - ROOT PRIVS at main.c:2155
192.168.0.104 - RELINQUISH PRIVS at main.c:2162
192.168.0.104 - ROOT PRIVS at main.c:2490
192.168.0.104 - opening scoreboard '/var/run/proftpd/proftpd.scoreboard'
192.168.0.104 - RELINQUISH PRIVS at main.c:2516
192.168.0.104 - ROOT PRIVS at inet.c:350
192.168.0.104 - RELINQUISH PRIVS at inet.c:413
192.168.0.104 - ProFTPD 1.3.3g (maint) (built Mon Sep 14 2013 20:13:10 UTC) standalone mode STARTUP
192.168.0.104 - ROOT PRIVS at pidfile.c:48
192.168.0.104 - RELINQUISH PRIVS at pidfile.c:50
192.168.0.104 - ROOT PRIVS at main.c:1247
192.168.0.104 - RELINQUISH PRIVS at main.c:1251
192.168.0.104 - no matching vhost found for 127.0.0.1#21, using 'ProFTPD server' listening on wildcard address
192.168.0.104 (127.0.0.1[127.0.0.1]) - ROOT PRIVS at main.c:1095
192.168.0.104 (127.0.0.1[127.0.0.1]) - SETUP PRIVS at main.c:1100
192.168.0.104 (127.0.0.1[127.0.0.1]) - session requested from client in unknown class
192.168.0.104 (127.0.0.1[127.0.0.1]) - performing module session initializations
192.168.0.104 (127.0.0.1[127.0.0.1]) - mod_cap/1.0: adding CAP_AUDIT_WRITE capability
192.168.0.104 (127.0.0.1[127.0.0.1]) - mod_ident/1.0: ident lookup disabled
192.168.0.104 (127.0.0.1[127.0.0.1]) - ROOT PRIVS at mod_delay.c:1465
192.168.0.104 (127.0.0.1[127.0.0.1]) - RELINQUISH PRIVS at mod_delay.c:1470
192.168.0.104 (127.0.0.1[127.0.0.1]) - ROOT PRIVS at mod_auth.c:133
192.168.0.104 (127.0.0.1[127.0.0.1]) - opening scoreboard '/var/run/proftpd/proftpd.scoreboard'
192.168.0.104 (127.0.0.1[127.0.0.1]) - RELINQUISH PRIVS at mod_auth.c:135
192.168.0.104 (127.0.0.1[127.0.0.1]) - AuthOrder in effect, resetting auth module order
192.168.0.104 (127.0.0.1[127.0.0.1]) - connected - local: 127.0.0.1:21
192.168.0.104 (127.0.0.1[127.0.0.1]) - connected - remote: 127.0.0.1:63510
192.168.0.104 (127.0.0.1[127.0.0.1]) - FTP session opened.
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER mletic' to mod_tls
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER mletic' to mod_core
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER mletic' to mod_core
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER mletic' to mod_delay
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'USER mletic' to mod_auth
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching CMD command 'USER mletic' to mod_auth
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching POST_CMD command 'USER mletic' to mod_delay
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD command 'USER mletic' to mod_log
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_vroot
192.168.0.104 (127.0.0.1[127.0.0.1]) - mod_vroot/0.9.2: vroot registered
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching CMD command 'PASS (hidden)' to mod_auth
192.168.0.104 (127.0.0.1[127.0.0.1]) - USER mletic: no such user found from 127.0.0.1 [127.0.0.1] to 127.0.0.1:21
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_vroot
192.168.0.104 (127.0.0.1[127.0.0.1]) - mod_vroot/0.9.2: vroot unregistered
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'SYST' to mod_tls
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'SYST' to mod_core
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching PRE_CMD command 'SYST' to mod_core
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching CMD command 'SYST' to mod_core
192.168.0.104 (127.0.0.1[127.0.0.1]) - dispatching LOG_CMD command 'SYST' to mod_log
192.168.0.104 - ROOT PRIVS at mod_ctrls.c:693
192.168.0.104 - RELINQUISH PRIVS at mod_ctrls.c:697

Last edited by ghost_shadow; 11-16-2013 at 08:44 PM. Reason: put [code] tag
 
Old 11-16-2013, 10:48 PM   #2
Andre.Smit
LQ Newbie
 
Registered: Nov 2013
Location: Bronkhortspruit
Distribution: SuSE - Kubuntu - OpenWRT
Posts: 22

Rep: Reputation: Disabled
Look in /var/log/messages or /var/log/ldap? I am not sure, but do something like grep /var/log/* LDAP or ldap and see what you find?
 
Old 11-17-2013, 02:41 PM   #3
ghost_shadow
LQ Newbie
 
Registered: Nov 2013
Posts: 4

Original Poster
Rep: Reputation: Disabled
~]$ sudo tail -f /var/log/messages
Code:
Nov 17 21:34:14 abies-jira-linux nslcd[14381]: [5dfcf0] ldap_result() failed: No such object
Nov 17 21:34:55 abies-jira-linux nslcd[14381]: [97e3e4] ldap_result() failed: No such object
Nov 17 21:35:03 abies-jira-linux nslcd[14381]: [3b0a9e] ldap_result() failed: No such object
Nov 17 21:37:17 abies-jira-linux nslcd[14381]: [fd6b4f] ldap_result() failed: No such object
Nov 17 21:37:31 abies-jira-linux nslcd[14381]: [15ff32] ldap_result() failed: No such object
Nov 17 21:37:37 abies-jira-linux nslcd[14381]: [438d15] ldap_result() failed: No such object
Nov 17 21:37:37 abies-jira-linux nslcd[14381]: [9e3149] ldap_result() failed: No such object
Nov 17 21:37:43 abies-jira-linux nslcd[14381]: [6e4afd] ldap_result() failed: No such object
Nov 17 21:38:27 abies-jira-linux nslcd[14381]: [a1b582] ldap_result() failed: No such object
Nov 17 21:39:32 abies-jira-linux nslcd[14381]: [f72e4e] ldap_result() failed: No such object
Nov 17 21:39:52 abies-jira-linux nslcd[14381]: [46b5a9] ldap_result() failed: No such object
Nov 17 21:40:07 abies-jira-linux nslcd[14381]: [888a08] ldap_result() failed: No such object
Nov 17 21:40:07 abies-jira-linux nslcd[14381]: [082c70] ldap_result() failed: No such object
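
An added example, not part of any post in this thread: `%u` is a placeholder that ProFTPD's mod_ldap fills in at login, while ldapsearch sends it to the server literally, and "No such object" is LDAP result code 32 (noSuchObject), which a server returns when the entry named as the search base does not exist. The script below expands `%u` by hand with RFC 4515 escaping and prints two checks to run: a base-scope search of the base DN, then the subtree search. The helper names are hypothetical; the URI, DNs and filter template are the values quoted in the first post.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; URI, DNs and the filter
# template are the values quoted in the first post.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is escaped first so later escapes are not re-escaped.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Replace every %u in a mod_ldap-style filter template with the escaped
# user name. ldapsearch does no such expansion: a literal %u is sent as is.
expand_filter() {
    out='' rest=$1 esc=$(ldap_escape "$2")
    while :; do
        case $rest in
            *%u*) out=$out${rest%%%u*}$esc; rest=${rest#*%u} ;;
            *)    break ;;
        esac
    done
    printf '%s\n' "$out$rest"
}

# Print two checks to run by hand:
#  1. base-scope search: does the base DN itself exist?
#  2. subtree search under that base with the expanded filter.
# -H takes the same ldap://host:port URI that ldap_initialize() reports.
print_checks() {
    uri=$1 binddn=$2 base=$3 tmpl=$4 user=$5
    filter=$(expand_filter "$tmpl" "$user")
    printf 'ldapsearch -x -W -D "%s" -H %s -b "%s" -s base -LLL "(objectClass=*)" dn\n' \
        "$binddn" "$uri" "$base"
    printf 'ldapsearch -x -W -D "%s" -H %s -b "%s" -s sub -LLL "%s" dn\n' \
        "$binddn" "$uri" "$base" "$filter"
}

print_checks ldap://192.168.0.104:10389 "uid=admin,ou=system" \
    "ou=users,ou=groups,ou=system" "(uid=%u)" mletic
```

If the first printed command fails with result 32, the base DN is the thing to correct before looking at the filter.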
 
  

