Problem with proftp + openldap

uponiixviiiiii
Posts: 23
Registered: 2014-05-20 11:23

Problem with proftp + openldap

#1

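Post by uponiixviiiiii » 2014-08-06 9:22

I installed OpenLDAP on a CentOS machine and configured it following a tutorial; only Manager is set up.
From another machine, both LDAP Browser and JXplorer can log in to it.
(LDAP Browser seems to be read-only, so I also installed JXplorer and used JXplorer to add cn=test,cn=ftpuser,dc=gdns,dc=gc)

Code: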

# 	This file was generated on 2014-08-06 at 09:07:11
# 	by Softerra LDAP Browser 4.5 [ http://www.ldapadministrator.com ]
dn: dc=gdns,dc=gc
objectClass: dcObject
objectClass: organization
dc: gdns
o: gdns, Corp.

dn: cn=Manager,dc=gdns,dc=gc
objectClass: organizationalRole
cn: Manager

dn: cn=ftpuser,dc=gdns,dc=gc
objectClass: organizationalRole
objectClass: top
cn: ftpuser

dn: cn=test,cn=ftpuser,dc=gdns,dc=gc
cn: test
objectClass: person
objectClass: top
sn: test
userPassword: 123456
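
(I actually also tried installing phpldapadmin, but logging in reported a wrong username or password.)

Then I installed proftp-base and proftp-mod-ldap on a Debian machine.
The configuration is as follows:
In /etc/proftpd/modules.conf I uncommented the following line:
LoadModule mod_ldap.c

/etc/proftpd/ldap.conf contains just the following 3 lines:

Code: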

LDAPServer ldaps://172.16.0.149:389
LDAPBindDN "cn=Manager,dc=gdns,dc=gc" "Manager密码"
LDAPUsers dc=ftpuser,dc=gdns,dc=gc (uid=%u) (uidNumber=%u)

In /etc/proftpd/proftpd.conf I uncommented these two lines:
Include /etc/proftpd/modules.conf
Include /etc/proftpd/ldap.conf

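But I still cannot log in with the LDAP account, while Debian system users can log in.

Please help!

Re: Problem with proftp + openldap

#2

Post by uponiixviiiiii » 2014-08-06 14:10

I found a problem in proftpd.log.
This should be ldap, not ldaps (because the server has not been configured for encrypted connections yet):
LDAPServer ldap://172.16.0.149:389

After the change it reports "successfully bound", but I still cannot log in.
Here is the log of one session:

Code: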

Aug 06 13:58:38 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'USER test' to mod_auth
Aug 06 13:58:38 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 06 13:58:38 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 06 13:58:38 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching CMD command 'USER test' to mod_ratio
Aug 06 13:58:38 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching CMD command 'USER test' to mod_auth
Aug 06 13:58:38 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD command 'USER test' to mod_exec
Aug 06 13:58:38 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD command 'USER test' to mod_delay
Aug 06 13:58:38 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching LOG_CMD command 'USER test' to mod_log
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_exec
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_rewrite
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_shaper
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): ROOT PRIVS at mod_shaper.c:1998
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): RELINQUISH PRIVS at mod_shaper.c:2000
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap2
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_ban
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_radius
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching CMD command 'PASS (hidden)' to mod_auth
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: generated filter dc=ftpuser,dc=gdns,dc=gc from template dc=ftpuser,dc=gdns,dc=gc and value test
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: generated filter (uid=test) from template (uid=%u) and value test
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: WARNING: LDAP URL search scopes default to 'base' (not 'sub') and may not be what you want.
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: attempting connection to ldap://172.16.0.149:389
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: set protocol version to 3
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: connected to ldap://172.16.0.149:389
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: successfully bound as cn=Manager,dc=gdns,dc=gc with password Manager密码
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: set dereferencing to 0
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: set query timeout to 5s
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: pr_ldap_search(): LDAP search failed: No such object
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): USER test: no such user found from 172.16.0.147 [172.16.0.147] to ::ffff:172.16.0.148:21
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_exec
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_shaper
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_wrap2
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_radius
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: successfully unbound
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): FTP session closed.

Re: Problem with proftp + openldap

#3

Post by uponiixviiiiii » 2014-08-08 10:24

The problem is still not solved; LDAP runs deep.

The latest complete configuration

Code:

dn: dc=gdns,dc=gc
objectClass: dcObject
objectClass: organization
o: gdns, Inc.
dc: gdns

dn: cn=Manager,dc=gdns,dc=gc
objectClass: organizationalRole
cn: Manager

dn: ou=persons,dc=gdns,dc=gc
objectClass: organizationalUnit
objectClass: top
ou: persons

dn: cn=test,ou=persons,dc=gdns,dc=gc
cn: test
objectClass: person
objectClass: top
objectClass: uidObject
sn: Test User
userPassword: {SSHA}0/LvhRxlamoO2kJu5YtZndSH+TQAWMr4/CkA9g==
uid: test

/etc/proftpd/ldap.conf

Code:

LDAPServer ldap://172.16.0.149:389
LDAPBindDN "cn=Manager,dc=gdns,dc=gc" "Manager密码"
LDAPUsers ou=persons,dc=gdns,dc=gc (uid=%u) (uidNumber=%u)

/etc/proftpd/modules.conf

Code:

ModulePath /usr/lib/proftpd

ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *

LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c

LoadModule mod_ldap.c

LoadModule mod_radius.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c

LoadModule mod_quotatab_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c

LoadModule mod_dynmasq.c
LoadModule mod_exec.c
LoadModule mod_shaper.c
LoadModule mod_ratio.c
LoadModule mod_site_misc.c

LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c

LoadModule mod_facl.c
LoadModule mod_unique_id.c
LoadModule mod_copy.c
LoadModule mod_deflate.c
LoadModule mod_ifversion.c
LoadModule mod_tls_memcache.c

LoadModule mod_ifsession.c

/etc/proftpd/proftpd.conf

Code:

DebugLevel			9

Include /etc/proftpd/modules.conf

IdentLookups			off
UseReverseDNS			off

ServerName			"Debian"
ServerType			standalone
DeferWelcome			off

MultilineRFC2228		on
DefaultServer			on
ShowSymlinks			on

TimeoutNoTransfer		600
TimeoutStalled			600
TimeoutIdle			1200

DisplayLogin                    welcome.msg
DisplayChdir               	.message true
ListOptions                	"-l"

DenyFilter			\*.*/

DefaultRoot			/home/ftpdir

RequireValidShell		off

Port				21


<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

MaxInstances			30

User				proftpd
Group				nogroup

Umask				022  022

AllowOverwrite			on

PersistentPasswd		off

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>

<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

Include /etc/proftpd/ldap.conf

Include /etc/proftpd/conf.d/

Log from the latest attempt

Code:

Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): connected - local  : ::ffff:172.16.0.148:21
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): connected - remote : 172.16.0.147:2709
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): FTP session opened.
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'USER test' to mod_exec
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'USER test' to mod_rewrite
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'USER test' to mod_tls
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'USER test' to mod_core
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'USER test' to mod_core
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'USER test' to mod_delay
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'USER test' to mod_auth
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching CMD command 'USER test' to mod_ratio
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching CMD command 'USER test' to mod_auth
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD command 'USER test' to mod_exec
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD command 'USER test' to mod_delay
Aug 08 10:09:45 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching LOG_CMD command 'USER test' to mod_log
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_exec
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_rewrite
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_shaper
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): ROOT PRIVS at mod_shaper.c:1998
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): RELINQUISH PRIVS at mod_shaper.c:2000
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap2
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_ban
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_radius
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching CMD command 'PASS (hidden)' to mod_auth
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: generated filter ou=persons,dc=gdns,dc=gc from template ou=persons,dc=gdns,dc=gc and value test
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: generated filter (uid=test) from template (uid=%u) and value test
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: WARNING: LDAP URL search scopes default to 'base' (not 'sub') and may not be what you want.
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: attempting connection to ldap://172.16.0.149:389
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: set protocol version to 3
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: connected to ldap://172.16.0.149:389
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: successfully bound as cn=Manager,dc=gdns,dc=gc with password Manager密码
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: set dereferencing to 0
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: set query timeout to 5s
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: searched under base DN ou=persons,dc=gdns,dc=gc using filter (uid=test)
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: no entries for filter (uid=test) under base DN ou=persons,dc=gdns,dc=gc
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): USER test: no such user found from 172.16.0.147 [172.16.0.147] to ::ffff:172.16.0.148:21
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_exec
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_shaper
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_wrap2
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_radius
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: successfully unbound
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: not unbinding to an already unbound connection.
Aug 08 10:09:47 debian proftpd[2124] 172.16.0.148 (172.16.0.147[172.16.0.147]): FTP session closed.

Re: Problem with proftp + openldap

#4

Post by uponiixviiiiii » 2014-08-13 17:53

Got over the firewall, searched Google, and solved one more problem:
https://forums.proftpd.org/smf/index.php?topic=6368.0

LDAPServer ldap://172.16.0.149:389
changed to
LDAPServer ldap://172.16.0.149:389/??sub

That got rid of this line in the log:
WARNING: LDAP URL search scopes default to 'base' (not 'sub') and may not be what you want.
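
The scope change in post #4, as an added example that is not part of the original posts and is not ProFTPD's code: it parses the `LDAPServer` URL by the RFC 4516 layout (`scheme://host:port/dn?attrs?scope?filter`) and runs the `(uid=test)` lookup against the DNs from the LDIF in post #3 under each scope. The in-memory directory, the naive DN splitting and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: the DNs from the LDIF in post #3, attributes trimmed to uid.
DIRECTORY = {
    "dc=gdns,dc=gc": {},
    "cn=Manager,dc=gdns,dc=gc": {},
    "ou=persons,dc=gdns,dc=gc": {},
    "cn=test,ou=persons,dc=gdns,dc=gc": {"uid": "test"},
}

SCOPES = ("base", "one", "sub")


def parse_ldap_url(url):
    """Split an LDAP URL into its RFC 4516 fields."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # After the first '?', the remaining fields are '?'-separated:
    # attributes, scope, filter. Missing fields are empty.
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    attrs, scope, flt = (unquote(f) for f in fields)
    scope = scope.lower() or "base"  # an omitted scope means "base"
    if scope not in SCOPES:
        raise ValueError("unknown scope: %r" % scope)
    tls = parts.scheme == "ldaps"
    return {
        "tls": tls,
        "host": parts.hostname,
        "port": parts.port or (636 if tls else 389),
        "dn": unquote(parts.path.lstrip("/")),
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope,
        "filter": flt,
    }


def dn_rdns(dn):
    """Naive DN split (assumes no escaped commas), case-folded for comparison."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is covered by a search of base_dn with the given scope."""
    entry, base = dn_rdns(entry_dn), dn_rdns(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False          # not at or below the base DN
    if scope == "base":
        return depth == 0     # only the base entry itself
    if scope == "one":
        return depth == 1     # only immediate children
    return True               # "sub": base entry and every descendant


def search(directory, base_dn, scope, attr, value):
    """Equality filter (attr=value) evaluated over the entries in scope."""
    return [dn for dn, attrs in directory.items()
            if in_scope(dn, base_dn, scope) and attrs.get(attr) == value]


def lookup_user(server_url, users_base, username):
    """Look up uid=username under users_base with the scope taken from the URL."""
    scope = parse_ldap_url(server_url)["scope"]
    return search(DIRECTORY, users_base, scope, "uid", username)


if __name__ == "__main__":
    base = "ou=persons,dc=gdns,dc=gc"
    for url in ("ldap://172.16.0.149:389", "ldap://172.16.0.149:389/??sub"):
        print(url, "->", lookup_user(url, base, "test"))
```

With the scope left at `base`, only `ou=persons,dc=gdns,dc=gc` itself is tested against the filter, which matches the "no entries for filter (uid=test)" line in the log from post #3.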

Re: Problem with proftp + openldap

#5

Post by uponiixviiiiii » 2014-08-14 16:42

Here is another section of ldap.log

Code:

Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on 1 descriptor
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on:
Aug 14 08:00:00 testCentOS slapd[1121]: 
Aug 14 08:00:00 testCentOS slapd[1121]: slap_listener_activate(7): 
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=7 busy
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: >>> slap_listener(ldap:///)
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: listen=7, new connection on 14
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on 1 descriptor
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on:
Aug 14 08:00:00 testCentOS slapd[1121]: 
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: added 14r (active) listener=(nil)
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 fd=14 ACCEPT from IP=172.16.0.148:34684 (IP=0.0.0.0:389)
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on 2 descriptors
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on:
Aug 14 08:00:00 testCentOS slapd[1121]:  14r
Aug 14 08:00:00 testCentOS slapd[1121]: 
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: read active on 14
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: connection_get(14)
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: connection_get(14): got connid=1000
Aug 14 08:00:00 testCentOS slapd[1121]: connection_read(14): checking for input on id=1000
Aug 14 08:00:00 testCentOS slapd[1121]: op tag 0x60, time 1407974400
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=0 do_bind
Aug 14 08:00:00 testCentOS slapd[1121]: >>> dnPrettyNormal: <cn=Manager,dc=gdns,dc=gc>
Aug 14 08:00:00 testCentOS slapd[1121]: <<< dnPrettyNormal: <cn=Manager,dc=gdns,dc=gc>, <cn=manager,dc=gdns,dc=gc>
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=0 BIND dn="cn=Manager,dc=gdns,dc=gc" method=128
Aug 14 08:00:00 testCentOS slapd[1121]: do_bind: version=3 dn="cn=Manager,dc=gdns,dc=gc" method=128
Aug 14 08:00:00 testCentOS slapd[1121]: ==> bdb_bind: dn: cn=Manager,dc=gdns,dc=gc
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=0 BIND dn="cn=Manager,dc=gdns,dc=gc" mech=SIMPLE ssf=0
Aug 14 08:00:00 testCentOS slapd[1121]: do_bind: v3 bind: "cn=Manager,dc=gdns,dc=gc" to "cn=Manager,dc=gdns,dc=gc"
Aug 14 08:00:00 testCentOS slapd[1121]: send_ldap_result: conn=1000 op=0 p=3
Aug 14 08:00:00 testCentOS slapd[1121]: send_ldap_result: err=0 matched="" text=""
Aug 14 08:00:00 testCentOS slapd[1121]: send_ldap_response: msgid=1 tag=97 err=0
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=0 RESULT tag=97 err=0 text=
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on 1 descriptor
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on:
Aug 14 08:00:00 testCentOS slapd[1121]: 
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on 1 descriptor
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on:
Aug 14 08:00:00 testCentOS slapd[1121]:  14r
Aug 14 08:00:00 testCentOS slapd[1121]: 
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: read active on 14
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: connection_get(14)
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: connection_get(14): got connid=1000
Aug 14 08:00:00 testCentOS slapd[1121]: connection_read(14): checking for input on id=1000
Aug 14 08:00:00 testCentOS slapd[1121]: op tag 0x63, time 1407974400
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=1 do_search
Aug 14 08:00:00 testCentOS slapd[1121]: >>> dnPrettyNormal: <ou=persons,dc=gdns,dc=gc>
Aug 14 08:00:00 testCentOS slapd[1121]: <<< dnPrettyNormal: <ou=persons,dc=gdns,dc=gc>, <ou=persons,dc=gdns,dc=gc>
Aug 14 08:00:00 testCentOS slapd[1121]: SRCH "ou=persons,dc=gdns,dc=gc" 2 0
Aug 14 08:00:00 testCentOS slapd[1121]:     2 5 0
Aug 14 08:00:00 testCentOS slapd[1121]: begin get_filter
Aug 14 08:00:00 testCentOS slapd[1121]: EQUALITY
Aug 14 08:00:00 testCentOS slapd[1121]: end get_filter 0
Aug 14 08:00:00 testCentOS slapd[1121]:     filter: (uid=test)
Aug 14 08:00:00 testCentOS slapd[1121]:     attrs:
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on 1 descriptor
Aug 14 08:00:00 testCentOS slapd[1121]:  uid
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on:
Aug 14 08:00:00 testCentOS slapd[1121]:  uidNumber
Aug 14 08:00:00 testCentOS slapd[1121]: 
Aug 14 08:00:00 testCentOS slapd[1121]:  gidNumber
Aug 14 08:00:00 testCentOS slapd[1121]:  homeDirectory
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]:  loginShell
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: 
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=1 SRCH base="ou=persons,dc=gdns,dc=gc" scope=2 deref=0 filter="(uid=test)"
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=1 SRCH attr=uid uidNumber gidNumber homeDirectory loginShell
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_search
Aug 14 08:00:00 testCentOS slapd[1121]: bdb_dn2entry("ou=persons,dc=gdns,dc=gc")
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_dn2id("dc=gdns,dc=gc")
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_dn2id: got id=0x1
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_dn2id("ou=persons,dc=gdns,dc=gc")
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_dn2id: got id=0x3
Aug 14 08:00:00 testCentOS slapd[1121]: entry_decode: "ou=persons,dc=gdns,dc=gc"
Aug 14 08:00:00 testCentOS slapd[1121]: <= entry_decode(ou=persons,dc=gdns,dc=gc)
Aug 14 08:00:00 testCentOS slapd[1121]: => access_allowed: search access to "ou=persons,dc=gdns,dc=gc" "entry" requested
Aug 14 08:00:00 testCentOS slapd[1121]: <= root access granted
Aug 14 08:00:00 testCentOS slapd[1121]: => access_allowed: search access granted by manage(=mwrscxd)
Aug 14 08:00:00 testCentOS slapd[1121]: search_candidates: base="ou=persons,dc=gdns,dc=gc" (0x00000003) scope=2
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_dn2idl("ou=persons,dc=gdns,dc=gc")
Aug 14 08:00:00 testCentOS slapd[1121]: bdb_idl_fetch_key: @ou=persons,dc=gdns,dc=gc
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_dn2idl: id=2 first=3 last=4
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_filter_candidates
Aug 14 08:00:00 testCentOS slapd[1121]: #011AND
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_list_candidates 0xa0
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_filter_candidates
Aug 14 08:00:00 testCentOS slapd[1121]: #011OR
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_list_candidates 0xa1
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_filter_candidates
Aug 14 08:00:00 testCentOS slapd[1121]: #011EQUALITY
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_equality_candidates (objectClass)
Aug 14 08:00:00 testCentOS slapd[1121]: => key_read
Aug 14 08:00:00 testCentOS slapd[1121]: bdb_idl_fetch_key: [b49d1940]
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_index_read: failed (-30988)
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_equality_candidates: id=0, first=0, last=0
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_filter_candidates: id=0 first=0 last=0
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_filter_candidates
Aug 14 08:00:00 testCentOS slapd[1121]: #011EQUALITY
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_equality_candidates (uid)
Aug 14 08:00:00 testCentOS slapd[1121]: => key_read
Aug 14 08:00:00 testCentOS slapd[1121]: bdb_idl_fetch_key: [3d87580c]
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_index_read 1 candidates
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_equality_candidates: id=1, first=4, last=4
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_filter_candidates: id=1 first=4 last=4
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_list_candidates: id=1 first=4 last=4
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_filter_candidates: id=1 first=4 last=4
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_list_candidates: id=1 first=4 last=4
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_filter_candidates: id=1 first=4 last=4
Aug 14 08:00:00 testCentOS slapd[1121]: bdb_search_candidates: id=1 first=4 last=4
Aug 14 08:00:00 testCentOS slapd[1121]: entry_decode: "cn=test,ou=persons,dc=gdns,dc=gc"
Aug 14 08:00:00 testCentOS slapd[1121]: <= entry_decode(cn=test,ou=persons,dc=gdns,dc=gc)
Aug 14 08:00:00 testCentOS slapd[1121]: => bdb_dn2id("cn=test,ou=persons,dc=gdns,dc=gc")
Aug 14 08:00:00 testCentOS slapd[1121]: <= bdb_dn2id: got id=0x4
Aug 14 08:00:00 testCentOS slapd[1121]: => test_filter
Aug 14 08:00:00 testCentOS slapd[1121]:     EQUALITY
Aug 14 08:00:00 testCentOS slapd[1121]: => access_allowed: search access to "cn=test,ou=persons,dc=gdns,dc=gc" "uid" requested
Aug 14 08:00:00 testCentOS slapd[1121]: <= root access granted
Aug 14 08:00:00 testCentOS slapd[1121]: => access_allowed: search access granted by manage(=mwrscxd)
Aug 14 08:00:00 testCentOS slapd[1121]: <= test_filter 6
Aug 14 08:00:00 testCentOS slapd[1121]: => send_search_entry: conn 1000 dn="cn=test,ou=persons,dc=gdns,dc=gc"
Aug 14 08:00:00 testCentOS slapd[1121]: => access_allowed: read access to "cn=test,ou=persons,dc=gdns,dc=gc" "entry" requested
Aug 14 08:00:00 testCentOS slapd[1121]: <= root access granted
Aug 14 08:00:00 testCentOS slapd[1121]: => access_allowed: read access granted by manage(=mwrscxd)
Aug 14 08:00:00 testCentOS slapd[1121]: => access_allowed: result not in cache (uid)
Aug 14 08:00:00 testCentOS slapd[1121]: => access_allowed: read access to "cn=test,ou=persons,dc=gdns,dc=gc" "uid" requested
Aug 14 08:00:00 testCentOS slapd[1121]: <= root access granted
Aug 14 08:00:00 testCentOS slapd[1121]: => access_allowed: read access granted by manage(=mwrscxd)
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=1 ENTRY dn="cn=test,ou=persons,dc=gdns,dc=gc"
Aug 14 08:00:00 testCentOS slapd[1121]: <= send_search_entry: conn 1000 exit.
Aug 14 08:00:00 testCentOS slapd[1121]: send_ldap_result: conn=1000 op=1 p=3
Aug 14 08:00:00 testCentOS slapd[1121]: send_ldap_result: err=0 matched="" text=""
Aug 14 08:00:00 testCentOS slapd[1121]: send_ldap_response: msgid=2 tag=101 err=0
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on 1 descriptor
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on:
Aug 14 08:00:00 testCentOS slapd[1121]:  14r
Aug 14 08:00:00 testCentOS slapd[1121]: 
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: read active on 14
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: connection_get(14)
Aug 14 08:00:00 testCentOS slapd[1121]: connection_get(14): got connid=1000
Aug 14 08:00:00 testCentOS slapd[1121]: connection_read(14): checking for input on id=1000
Aug 14 08:00:00 testCentOS slapd[1121]: op tag 0x42, time 1407974400
Aug 14 08:00:00 testCentOS slapd[1121]: ber_get_next on fd 14 failed errno=0 (Success)
Aug 14 08:00:00 testCentOS slapd[1121]: connection_read(14): input error=-2 id=1000, closing.
Aug 14 08:00:00 testCentOS slapd[1121]: connection_closing: readying conn=1000 sd=14 for close
Aug 14 08:00:00 testCentOS slapd[1121]: connection_close: deferring conn=1000 sd=14
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=2 do_unbind
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=2 UNBIND
Aug 14 08:00:00 testCentOS slapd[1121]: connection_resched: attempting closing conn=1000 sd=14
Aug 14 08:00:00 testCentOS slapd[1121]: connection_close: conn=1000 sd=14
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: removing 14
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 fd=14 closed
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on 1 descriptor
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: activity on:
Aug 14 08:00:00 testCentOS slapd[1121]: 
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Aug 14 08:00:00 testCentOS slapd[1121]: daemon: epoll: listen=9 active_threads=0 tvp=zero

I'll keep at it to the end.
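
The logs and LDIF quoted in this thread contain three things worth checking for before such output is shared or kept: the bind password that mod_ldap writes next to "successfully bound as" at this debug level, simple binds that slapd records with `ssf=0` (no TLS or SASL protection on the connection), and `userPassword` values stored without a `{SCHEME}` prefix. The following is an added example, not part of the original posts; the sample lines are constructed after the formats shown above, and the password, hash and the `cn=hashed` / `cn=b64` entries are placeholders.

```python
import base64
import re

# Constructed sample lines modelled on the proftpd.log excerpt in post #2.
PROFTPD_LOG = """\
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: connected to ldap://172.16.0.149:389
Aug 06 13:58:41 debian proftpd[1984] 172.16.0.148 (172.16.0.147[172.16.0.147]): mod_ldap/2.9.0: successfully bound as cn=Manager,dc=gdns,dc=gc with password EXAMPLE-PLACEHOLDER
"""

# Constructed sample lines modelled on the slapd log in post #5.
SLAPD_LOG = """\
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=0 BIND dn="cn=Manager,dc=gdns,dc=gc" mech=SIMPLE ssf=0
Aug 14 08:00:00 testCentOS slapd[1121]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

# Constructed LDIF: first entry as in post #1, the other two are placeholders.
LDIF = """\
dn: cn=test,cn=ftpuser,dc=gdns,dc=gc
userPassword: 123456

dn: cn=hashed,ou=persons,dc=gdns,dc=gc
userPassword: {SSHA}CONSTRUCTED+placeholder/hash==

dn: cn=b64,ou=persons,dc=gdns,dc=gc
userPassword:: c2VjcmV0
"""

BOUND_RE = re.compile(r"(successfully bound as .+? with password )(.+)$")
BIND_RE = re.compile(r'BIND dn="([^"]*)" mech=SIMPLE ssf=(\d+)')
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")


def redact(line):
    """Mask the bind password in a mod_ldap 'successfully bound' line."""
    return BOUND_RE.sub(r"\1[REDACTED]", line)


def audit_proftpd(lines):
    """Line numbers (1-based) where the bind password appears in the log."""
    return [n for n, line in enumerate(lines, 1) if BOUND_RE.search(line)]


def audit_slapd(lines):
    """(line number, bind DN) for simple binds made with ssf=0."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = BIND_RE.search(line)
        if m and int(m.group(2)) == 0:
            hits.append((n, m.group(1)))
    return hits


def ldif_attr(line):
    """Parse 'name: value' or base64 'name:: value'; None for other lines.

    Continuation lines (leading space) are ignored in this simplified parser.
    """
    if not line or line[0] in "# ":
        return None
    name, sep, rest = line.partition(":")
    if not sep:
        return None
    if rest.startswith(":"):
        raw = base64.b64decode(rest[1:].strip())
        return name.lower(), raw.decode("utf-8", "replace")
    return name.lower(), rest.strip()


def audit_ldif(text):
    """DNs whose userPassword has no {SCHEME} prefix (stored as cleartext)."""
    hits, dn = [], None
    for line in text.splitlines():
        parsed = ldif_attr(line)
        if parsed is None:
            continue
        name, value = parsed
        if name == "dn":
            dn = value
        elif name == "userpassword" and not SCHEME_RE.match(value):
            hits.append(dn)
    return hits


if __name__ == "__main__":
    for line in PROFTPD_LOG.splitlines():
        print(redact(line))
    print("ssf=0 simple binds:", audit_slapd(SLAPD_LOG.splitlines()))
    print("cleartext userPassword:", audit_ldif(LDIF))
```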
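
IMISME
Posts: 1
Registered: 2014-12-15 14:01
System: fedora

Re: Problem with proftp + openldap

#6

Post by IMISME » 2014-12-15 14:05

I wonder whether the original poster has cracked this yet? I'm looking into this too, though I'm configuring it by following the official documentation; at the moment authentication fails with the error failed: Invalid credentials
Is anyone available to compare notes? Once I get it working I plan to write a post explaining it; it is really hard to find material about LDAP and proftp.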
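
Re: Problem with proftp + openldap

#7

Post by uponiixviiiiii » 2014-12-19 8:44

IMISME wrote: I wonder whether the original poster has cracked this yet? I'm looking into this too, though I'm configuring it by following the official documentation; at the moment authentication fails with the error failed: Invalid credentials
Is anyone available to compare notes? Once I get it working I plan to write a post explaining it; it is really hard to find material about LDAP and proftp.

I have shamefully gone into hiding.

I'm thinking of first playing around with an application that ships with its own schema file.
Proftpd has no schema file, what a trap.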