
Suse FTP users authenticated from eDirectory via LDAP

14 Jul

I recently needed to integrate eDirectory users and FTP access on a Suse 10x server. The following describes the steps needed to get things talking.

Here are some reference links for supplemental information:


How to Configure Linux to Authenticate to eDirectory via LDAP


AppNote: PAM Integration with eDirectory and LDAP


Installing Pure-FTPd on SLES 10

I’m assuming your eDirectory’s schema has been updated; see the 1st link if you need to do so.

Log in to Suse and launch YaST.
Navigate to Network Services -> LDAP Client
Fill out the parameters to match your LDAP setup. Be sure to check “LDAP TLS/SSL”, and make sure that LDAP is set up for TLS via Console One.

Update /etc/pam.d/login and /etc/pam.d/xdm to include:
session required /lib/security/pam_mkhomedir.so skel=/etc/skel umask=0022
Doing so will create home directories for the users when they log in if they don’t already exist.

Note that the contents of the directory you set in skel= will be copied when creating the user’s directory.

At this point an LDAP user should be able to authenticate (log in) to the Suse server, provided they have a User ID / Group ID / Home Directory etc. assigned in eDirectory (see the “UNIX” tab in Console One).

On to FTP.

Use YaST to verify that pure-ftpd is enabled. Navigate to Network Services -> Network Services (xinetd). Look for Server “/usr/sbin/pure-ftpd”; the status should be On. Toggle the status to On if necessary.

Open up /etc/pure-ftpd/pure-ftpd.conf
Make sure the following lines are NOT commented:

PAMAuthentication yes
LDAPConfigFile /etc/pure-ftpd/pureftpd-ldap.conf
UnixAuthentication yes

At this point you’ll want to save this file and make sure /etc/pure-ftpd/pureftpd-ldap.conf exists and has valid entries.
Here’s a sample file:

LDAPServer ldap.yourdomain.com
LDAPPort 389
LDAPBaseDN o=YourOrg
LDAPBindDN cn=admin,o=YourOrg
LDAPBindPW secret
LDAPDefaultUID 500
LDAPDefaultGID 100

Save /etc/pure-ftpd/pureftpd-ldap.conf.

Finally, we want to enable PAM for pure-ftpd. Open /etc/pam.d/pure-ftpd and add the following lines:

auth sufficient pam_ldap.so
account sufficient pam_ldap.so
session optional pam_ldap.so

Issue the following command to run pure-ftpd with the options from the config file: /usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf

Restart the pure-ftpd daemon: rcpure-ftpd restart

Happy ftp’ing 🙂