[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [Fwd: about your ldap plugins for proftpd]





Kevin J. Menard, Jr. wrote:

Hey Prune,


Tuesday, July 17, 2001, 3:22:37 AM, you wrote:


P> Hi,

P> I had no answer from the author of the mod_ldap, so I forward this mail P> here...

Well, he usually takes a little bit, because he's a busy man, but he always
replies :)

P> Behind this mail, my question (for ldap apps developpers) is :
P> Is it a good thing to directly bind as a user or is it better to bind as P> manager (or privileged user), get the full DN for a user and then bind P> again as this user...?


Depends on what you want.  And the ProFTPd directives more or less lay it
out for you.  I would bind directly as the user myself.  If you use a
privileged user, you have to store that password in a file, which I don't
like to do.  Apparently, a privileged bind allows any password scheme, but
this is of no consequence to me, since all my users use SSHA-1 for
passwords.

What I want is part of the mail (the old one, full :)
I want to have proftpd authenticate users in Ldap.
I want it the way I will not have to put any password in my configuration file.


So, I need to use a bind (maybe what you call authenticated bind) where the user will directly bind to ldap. Not the way it's working now, where the manager first bind, then the user.
Finaly, if it's possible with proftpd, what ACL should I put in ldap...


See what I mean ?

Prune

--
- le Centre - a Mad Cow Tribe product


(Very uncommon, but we should please everybody anyway, even disturbed minds)