I want to log in to my FTP server with LDAP. I am using this conf file:
<IfModule mod_ldap.c>
LDAPLog /var/log/proftpd/ldap.log
LDAPProtocolVersion 3
DebugLevel 3
LDAPAuthBinds on
LDAPServer ldap://localhost
LDAPBindDN "cn=admin,dc=example,dc=com" "pass"
LDAPUsers "ou=example.com,ou=Domains,dc=example,dc=com" "(uid=%u)"
LDAPSearchScope subtree
LDAPGenerateHomedir off
LDAPGenerateHomedirPrefix /var/mediaserver
</IfModule>
Logging in as the user user2:
# user2, example.com, Domains, example.com
dn: uid=user2,ou=example.com,ou=Domains,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
objectClass: qmailUser
cn: yann example
mail: [email protected]
sn: Gailard
qmailGID: 5000
qmailUID: 5000
uid: user2
userPassword:: e1NTSEF9NXJNTS8zZjhLaTEzSXlhckdUdHd6aWVvVHU3S01nd2M=
mailMessageStore: /var/vmail/example.com/user2/
According to the log:
2020-08-22 17:53:15,397 mod_ldap/2.9.4[42030]: generated filter ou=example.com,ou=Domains,dc=example,dc=com from template ou=example.com,ou=Domains,dc=example,dc=com and value user2
2020-08-22 17:53:15,397 mod_ldap/2.9.4[42030]: generated filter (uid=user2) from template (uid=%u) and value user2
2020-08-22 17:53:15,398 mod_ldap/2.9.4[42030]: attempting connection to URL ldap://localhost
2020-08-22 17:53:15,398 mod_ldap/2.9.4[42030]: set LDAP protocol version to 3
2020-08-22 17:53:15,398 mod_ldap/2.9.4[42030]: connected to URL ldap://localhost
2020-08-22 17:53:15,400 mod_ldap/2.9.4[42030]: successfully bound as DN 'cn=admin,dc=example,dc=com' with password (see config)
2020-08-22 17:53:15,400 mod_ldap/2.9.4[42030]: set dereferencing to 0
2020-08-22 17:53:15,400 mod_ldap/2.9.4[42030]: set query timeout to 5 secs
2020-08-22 17:53:15,400 mod_ldap/2.9.4[42030]: searched under base DN ou=example.com,ou=Domains,dc=example,dc=com using filter (uid=user2)
2020-08-22 17:53:15,400 mod_ldap/2.9.4[42030]: no entries for filter (uid=user2) under base DN ou=example.com,ou=Domains,dc=example,dc=com
2020-08-22 17:53:19,361 mod_ldap/2.9.4[42030]: connection successfully unbound
2020-08-22 17:53:19,362 mod_ldap/2.9.4[42030]: not unbinding to an already unbound connection
I really don't know why proftp cannot find user2. I am using CentOS7.
Answer 1
The problem is completely different from what the logging shows. Enable SystemLog /var/log/proftpd/proftpd.log for proper logging of the problem. Disable unix and pam authentication and allow only ldap authentication.
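
To check whether the directory itself returns the entry for the identity mod_ldap binds as, the search recorded in the LDAP log can be replayed by hand. The following is an added example, not code from the question or the answer: it parses log lines in the format quoted above and builds the matching command for the OpenLDAP `ldapsearch` client. The function names are hypothetical, and the `sub` scope is an assumption taken from `LDAPSearchScope subtree` in the question's config.

```python
import re
import shlex

# Constructed sample: log lines in the mod_ldap format quoted in the question.
SAMPLE_LOG = """\
2020-08-22 17:53:15,398 mod_ldap/2.9.4[42030]: connected to URL ldap://localhost
2020-08-22 17:53:15,400 mod_ldap/2.9.4[42030]: successfully bound as DN 'cn=admin,dc=example,dc=com' with password (see config)
2020-08-22 17:53:15,400 mod_ldap/2.9.4[42030]: searched under base DN ou=example.com,ou=Domains,dc=example,dc=com using filter (uid=user2)
2020-08-22 17:53:15,400 mod_ldap/2.9.4[42030]: no entries for filter (uid=user2) under base DN ou=example.com,ou=Domains,dc=example,dc=com
"""

URL_RE = re.compile(r"connected to URL (\S+)$")
BIND_RE = re.compile(r"successfully bound as DN '([^']+)'")
SEARCH_RE = re.compile(r"searched under base DN (.+?) using filter (.+)$")
EMPTY_RE = re.compile(r"no entries for filter (.+?) under base DN (.+)$")


def parse_session(log_text):
    """Return the URL, bind DN, searches and empty results seen in the log."""
    info = {"url": None, "bind_dn": None, "searches": [], "empty": []}
    for line in log_text.splitlines():
        # Strip the "<timestamp> mod_ldap/<version>[<pid>]: " prefix.
        _, sep, msg = line.partition("]: ")
        if not sep:
            continue
        if m := URL_RE.search(msg):
            info["url"] = m.group(1)
        elif m := BIND_RE.search(msg):
            info["bind_dn"] = m.group(1)
        elif m := SEARCH_RE.search(msg):
            info["searches"].append((m.group(1), m.group(2)))
        elif m := EMPTY_RE.search(msg):
            # The log prints filter then base; store as (base, filter).
            info["empty"].append((m.group(2), m.group(1)))
    return info


def ldapsearch_command(info, base, ldap_filter, scope="sub"):
    """Build the equivalent ldapsearch call; -W prompts for the bind password."""
    args = ["ldapsearch", "-x", "-H", info["url"], "-D", info["bind_dn"], "-W",
            "-b", base, "-s", scope, ldap_filter]
    return " ".join(shlex.quote(a) for a in args)


def commands_for_empty_searches(info):
    """One ldapsearch command per search that mod_ldap reported as empty."""
    return [ldapsearch_command(info, base, flt) for base, flt in info["empty"]]


if __name__ == "__main__":
    for cmd in commands_for_empty_searches(parse_session(SAMPLE_LOG)):
        print(cmd)
```

If the printed command returns the entry while mod_ldap still reports none, the cause lies on the ProFTPD side rather than in the directory, which is where the SystemLog output becomes useful.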