Today I compiled ProFTPd with support for mod_ldap (authenticating against OpenLDAP). I set up proftpd.conf as per the documentation and authentication was still failing. After examining the log files for ProFTPd, I noticed that it was attempting to look up various attributes in the LDAP server after entering a username but before entering a password. It was attempting to get the value of the "userPassword" attribute, which my ACLs didn't allow. After changing OpenLDAP's ACLs to the following, user authentication worked:

access to attribute=userPassword
    by dn="<REMOVED>" write
    by self write
    by * read

This is far from what I want to have to do, however, as this allows anyone to see anyone else's encrypted password. Another option I thought of was changing the DN that ProFTPd attempts to bind as, but that'd require putting the root LDAP user's password in ProFTPd's configuration file. What's the best way to overcome this?

Thanks.

j.

-- 
Jeremy L. Gaddis <[EMAIL PROTECTED]>
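
An added example, not part of the original post: a narrower form of the ACL quoted above, assuming a dedicated, unprivileged directory entry that ProFTPd binds as instead of the root DN. The service DN shown is a placeholder, and the `attribute=` spelling follows the post.

```conf
# slapd.conf fragment -- constructed example, DNs are placeholders.

# Form from the post: "by * read" exposes every password hash to any client.
#access to attribute=userPassword
#    by dn="<REMOVED>" write
#    by self write
#    by * read

# Narrower form: only the ProFTPd service entry may read the hashes.
# "by anonymous auth" lets slapd compare the password during a simple bind
# without ever returning the attribute; everyone else gets nothing.
access to attribute=userPassword
    by dn="<REMOVED>" write
    by dn="cn=proftpd,ou=services,dc=example,dc=com" read
    by self write
    by anonymous auth
    by * none
```

The credential stored in proftpd.conf is then the service entry's, which grants read access to this one attribute rather than root rights over the directory.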