PureFTPD and OpenLDAP

DeepY0X · 05-26-2009, 12:41 PM

Hi i am trying to configure pureftpd and openldap on gentoo linux, but i have the next errors in my logs:

Quote:

May 26 05:18:33 leonidas pure-ftpd: (?@?) [INFO] New connection from ?
May 26 05:18:33 leonidas pure-ftpd: (?@?) [DEBUG] Command [user] [deepyox]
May 26 05:18:34 leonidas pure-ftpd: (?@?) [DEBUG] Command [pass] [<*>]
May 26 05:18:34 leonidas slapd[25072]: conn=23 fd=11 ACCEPT from IP=127.0.0.1:56830 (IP=0.0.0.0:389)
May 26 05:18:34 leonidas slapd[25072]: conn=23 op=0 BIND dn="cn=Manager,dc=uladech,dc=edu,dc=pe" method=128
May 26 05:18:34 leonidas slapd[25072]: conn=23 op=0 BIND dn="cn=Manager,dc=uladech,dc=edu,dc=pe" mech=SIMPLE ssf=0
May 26 05:18:34 leonidas slapd[25072]: conn=23 op=0 RESULT tag=97 err=0 text=
May 26 05:18:34 leonidas slapd[25072]: conn=23 op=1 SRCH base="dc=uladech,dc=edu,dc=pe" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=deepyox))"
May 26 05:18:34 leonidas slapd[25072]: conn=23 op=1 SRCH attr=homeDirectory uidNumber FTPuid gidNumber FTPgid userPassword loginShell FTPStatus FTPQuotaFiles FTPQuotaMBytes FTPDownloadRatio FTPUploadRatio FTPDownloadBandwidth FTPUploadBandwidth
May 26 05:18:34 leonidas slapd[25072]: conn=23 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
May 26 05:18:34 leonidas slapd[25072]: conn=23 op=2 UNBIND
May 26 05:18:34 leonidas slapd[25072]: conn=23 fd=11 closed
May 26 05:18:34 leonidas pure-ftpd: (?@?) [WARNING] Authentication failed for user [deepyox]
May 26 05:18:39 leonidas pure-ftpd: (?@?) [INFO] Logout.

Well in the logs pureftpd connect with openldap but dont match the password.

I give you my files configurations:

================ /etc/conf.d/pureftpd =================

Quote:

IS_CONFIGURED="yes"
SERVER="-S 21"
MAX_CONN="-c 30"
MAX_CONN_IP="-C 10"
DAEMON="-B"
DISK_FULL="-k 90%"
AUTH="-l ldap:/etc/openldap/pureftpd-ldap.conf"
MISC_OTHER="-A -x -j -R -Z -c 5 -C 2 -d -E -i -j -u 100"

=============== /etc/openldap/pureftpd-ldap.conf =============

Quote:

LDAPServer localhost
LDAPPort 389
LDAPBaseDN dc=uladech,dc=edu,dc=pe
LDAPBindDN cn=Manager,dc=uladech,dc=edu,dc=pe
LDAPBindPW secret
LDAPDefaultUID 1001
LDAPDefaultGID 1004
#LDAPFilter (&(objectClass=posixAccount)(uid=\L))

==================/etc/openldap/slapd.conf=============

Code:

Código:
include      /etc/openldap/schema/core.schema
include      /etc/openldap/schema/cosine.schema
include      /etc/openldap/schema/inetorgperson.schema
include      /etc/openldap/schema/nis.schema
include      /etc/openldap/schema/pureftpd.schema
pidfile      /var/run/openldap/slapd.pid
argsfile   /var/run/openldap/slapd.args
modulepath   /usr/lib/openldap/openldap
moduleload   back_hdb.so
database   bdb
suffix      "dc=uladech,dc=edu,dc=pe"
checkpoint   32   30
rootdn      "cn=Manager,dc=uladech,dc=edu,dc=pe"
rootpw      secret
directory   /var/lib/openldap-data
index   objectClass   eq
index   uid   eq

====================== directory.ldif =================

Quote:

dn: dc=uladech,dc=edu,dc=pe
objectclass: dcObject
objectclass: organization
o: ULADECH Catolica
dc: uladech
dn: cn=Manager,dc=uladech,dc=edu,dc=pe
objectclass: organizationalRole
cn: Manager
dn: ou=users,dc=uladech,dc=edu,dc=pe
ou: users
description: Usuarios Uladech Catolica
objectclass: organizationalunit
dn: ou=groups,dc=uladech,dc=edu,dc=pe
ou: groups
description: Grupos
objectclass: organizationalunit
dn: uid=deepyox,ou=users,dc=uladech,dc=edu,dc=pe
objectClass: PureFTPdUser
objectClass: posixAccount
cn: Ernie
uid: deepyox
uidNumber: 501
gidNumber: 101
homeDirectory: /home/ftp/DeepY0X
userPassword: secretmy
FTPStatus: TRUE
FTPQuotaFiles: 50
FTPQuotaMBytes: 10
FTPDownloadBandwidth: 50
FTPUploadBandwidth: 50
FTPDownloadRatio: 5
FTPUploadRatio: 1

Well i hope that somebody help me with it, thanks

bathory · 05-28-2009, 12:19 AM

Quote:

May 26 05:18:34 leonidas slapd[25072]: conn=23 op=1 SRCH base="dc=uladech,dc=edu,dc=pe" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=deepyox))"
May 26 05:18:34 leonidas slapd[25072]: conn=23 op=1 SRCH attr=homeDirectory uidNumber FTPuid gidNumber FTPgid userPassword loginShell FTPStatus FTPQuotaFiles FTPQuotaMBytes FTPDownloadRatio FTPUploadRatio FTPDownloadBandwidth FTPUploadBandwidth
May 26 05:18:34 leonidas slapd[25072]: conn=23 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

I don't think it's a password problem at a first place, since the search returns no results. Does the following ldapserach returns any results?

Code:

ldapsearch -x -z 100 -b 'dc=uladech,dc=edu,dc=pe' '(uid=deepyox)'

The problem is with the ldif file. You must use a blank line separatind each dn entry.

DeepY0X · 05-29-2009, 09:32 AM

Quote:

Originally Posted by bathory

I don't think it's a password problem at a first place, since the search returns no results. Does the following ldapserach returns any results?

Code:

ldapsearch -x -z 100 -b 'dc=uladech,dc=edu,dc=pe' '(uid=deepyox)'

The problem is with the ldif file. You must use a blank line separatind each dn entry.

Yes i get the entry:

Code:

dn: uid=deepyox,dc=uladech,dc=edu,dc=pe
objectClass: PureFTPdUser
objectClass: posixAccount
cn: Ernie
uid: deepyox
uidNumber: 1001
gidNumber: 1004
homeDirectory: /home/ftp/DeepY0X
userPassword: {SHA}fEqNCco3Yq9h5ZUglD3CZJT4lBs=
FTPStatus: TRUE
FTPQuotaFiles: 50
FTPQuotaMBytes: 10
FTPDownloadBandwidth: 50
FTPUploadBandwidth: 50
FTPDownloadRatio: 5
FTPUploadRatio: 1

My ldif file have blank line separating each entry

Greetings!

bathory · 05-29-2009, 05:49 PM

Does this query return any results?

Code:

ldapsearch -x -z 100 -b 'dc=uladech,dc=edu,dc=pe' '(&(objectClass=posixAccount)(uid=deepyox))' -D "cn=Manager,dc=uladech,dc=edu,dc=pe" -W

You have to give the password of the ldap server admin, not the user password. This is exactly the query done by the ftpserver to allow you to login.