eBox with FTP Server

[dmeireles]

Hi there. Simple question: are there plans to include ftp server software with LDAP auth in eBox? In my case it would be very handy, because it would allow the users to access their files when on a remote public location, and the linux users would prefer this method to upload and download files to their homes on the server. Sure, I could use the new public_html feature, but prefer FTP (also because of the upload thing). I've already tried to do this with the proftpd-ldap package in the repository for 0.11.99, but couldn't managed to get it done (don't know if it is because it's an old version of ProFTP...).

PS: could you include the ftp command in the next releases? until now, this packages doesn't come installed and it can't be installed (dependency problems), and it's quite a handy tool...

Thanks

[sixstone]

It's a planned feature to include a FTP module. Lots of people are demanding this module but we are very lack of resources. Anyway, I also think proftpd is the best FTP server option to include within eBox.

The next release, which is Ubuntu-based one, does include ftp command by default .

[dmeireles]

It's a planned feature to include a FTP module. Lots of people are demanding this module but we are very lack of resources. Anyway, I also think proftpd is the best FTP server option to include within eBox.

The next release, which is Ubuntu-based one, does include ftp command by default .

Glad to hear that and thanks for the answer!

Best regards,
David

[eveterinary]

That's great! I was planning to use it on my project. I need ftp support(i think xubuntu + ebox would be great too:)). I am building a web based automation system to my university. I am plannig because, it looks like so easy to manage by web . I dont have so much experiences on linux, and that v. number "0.11.100" makes me worried  .

Is it really stable&safe?

[dmeireles]

Chill out, it's a good product. I've been using it in production environments with no problem at all, but if you want ftp auth in ldap, you've got to make it on your own (I've tried with no success)

[dmeireles]

Ok, I've being trying this on my own, but with no success... I'm using the proftpd ldap package. This is my /etc/proftpd/ldap.conf file

# Proftpd sample configuration for LDAP authentication.
#
# (This is not to be used if you prefer a PAM-based SQL authentication)
#

<IfModule mod_ldap.c>
#
# This is used for ordinary LDAP connections, with or without TLS
#
LDAPServer SERVER'S FQDN
LDAPDNInfo cn=admin,dc=ebox MY_EBOX_SECRET
LDAPDoAuth on "dc=Users,dc=ebox" (&(uid=%v)(objectclass=posixAccount))
#LDAPDoUIDLookups on "dc=Users,dc=ebox" (&(uid=%v)(objectclass=posixAccount))
#LDAPDoGIDLookups on "dc=Users,dc=ebox" (&(uid=%v)(objectclass=posixAccount))
#LDAPDefaultAuthScheme clear
#
# To be set on only for LDAP/TLS on ordinary port, for LDAP+SSL see below
#LDAPUseTLS on
#

#
# This is used for encrypted LDAPS connections
#
#LDAPServer ldaps://ldap.example.com
#LDAPDNInfo "cn=admin,dc=example,dc=com" "admin_password"
#LDAPDoAuth on "dc=users,dc=example,dc=com"
#
#</IfModule>

I've also tryed with diferent objecclasses, but with no success. While trying to connect, the /var/log/proftpd/proftpd.log file says:

mod_ldap/2.8.17: pr_ldap_user_lookup(): LDAP search failed: No such object


I can use Apache Studio to browse the eBox's LDAP, so I think it's not a problem accessing the LDAP server. I've also tryed to use the LDAPDoAuth parameter without the filter, but still doesn't work. Is there a way to set this up to use the ebox ldap db? If not, is there a way to do this in VSFTP?

[javi]

I think you are close to have it working.

Try to look into the ftp and slapd logs to see what's going on:

You can enable the slapd the logs if you modify in /etc/ldap/slapd.conf the parameter loglevel to 256 or 512. Restart slapd /etc/init.d/slapd and look into its logs in /var/log/syslog.

That should help you to see what's going on.

Good luck

[dmeireles]

Javi, syslog shows nothing, althrough I have setted the loglevel to 512. The only place where something is logged is on the proftp log (gonna check if there is a way to increase its verbosity). But tell me, are the dc and cn names correct in my configuration? Does the ebox ldap configuration restricts in any way access to the database from localhost?

[javi]

Javi, syslog shows nothing, althrough I have setted the loglevel to 512. The only place where something is logged is on the proftp log (gonna check if there is a way to increase its verbosity). But tell me, are the dc and cn names correct in my configuration? Does the ebox ldap configuration restricts in any way access to the database from localhost?

Cool that gives us a hint. Proftp is not even connecting to the slapd server.

eBox ldap configuration doesn't prevent connections from localhost.

It should be  ou=Users,dc=ebox instead of dc=Users,dc=ebox

What's your LDAPServer conf?

[dmeireles]

Cool that gives us a hint. Proftp is not even connecting to the slapd server.

eBox ldap configuration doesn't prevent connections from localhost.

It should be  ou=Users,dc=ebox instead of dc=Users,dc=ebox

What's your LDAPServer conf?

Javi, I thought that proftp got connected to the ldap, at least that's what the log sayd (check bold text), but..... check the text after the quote...

/var/log/proftp/proftpd.conf

Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: generated filter dc=Users,dc=ebox from template dc=Users,dc=ebox and value dmeireles
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: connected to SERVER.MY.DOMAIN:389
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: set protocol version to 3
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: successfully bound as cn=admin,dc=ebox with password MY_EBOX_SECRET
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: set dereferencing to 0
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: set query timeout to 0s
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: generated filter (&(uid=dmeireles)(objectclass=posixAccount)) from template (&(uid=%v)(objectclass=posixAccount)) and value dmeireles
Jul 08 15:56:19 aepdc proftpd[23391] SERVER.MY.DOMAIN (david-vaio.MY.DOMAIN[10.1.1.20]): mod_ldap/2.8.17: pr_ldap_user_lookup(): LDAP search failed: No such object

Here's the good news... I've changed the LDAPDoAuth like you said, now it takes a while to give me the login failed error. Looking at the logs, I've seen an "USER dmeireles (Login failed): Invalid shell: '' error... So, looked at the /etc/proftpd/proftpd.conf file and uncomented the line "RequireValidShell               off". After that, done a "/etc/init.d/proftpd restart".... AND IT WORKS!!! Gonna give my proftpd.conf file a cleanup, and then post it here, along with all the steps I took to set this thing up!!! Thanks for your help Javi! BTW, shloud I open a new thread with this how-to or continue here?

[javi]

Great!!!

I think you should post it in Tips and Tricks.

Thanks a lot!!

[dmeireles]

Done

http://forum.eboxplatform.com/index.php?topic=441.0

Are there plans to include this in future releases?

[Saturn2888]

Done

http://forum.eboxplatform.com/index.php?topic=441.0

Are there plans to include this in future releases?

Done
http://forum.ebox-platform.com/index.php?topic=3927