From: Jaroslaw R. <ra...@ra...> - 2023-09-10 20:23:51
On 10.09.2023 at 10:49:18 TJ Saunders wrote:
>
> > recently I needed to configure ProFTPd to authenticate users in Microsoft AD
> > domain. I think it's a well-known fact that AD LDAP directory by default
> > does not contain any "uidNumber" and "gidNumber" (or equivalent) attribute.
> > If you configure system-wide authentication to AD with sssd (according to
> > many guides available on the net), it can use a special algorithm to map
> > "objectSid" values present in the AD directory to UIDs and GIDs, therefore
> > "producing" specific UID/GID values for each user.
>
> Going through some old emails, I ran across this. I've filed a GitHub issue for tracking this:
>
> https://github.com/proftpd/proftpd/issues/1716

Thank you.

There is however another issue related to this. When I initially implemented this, some users were unable to log in, because their usernames were internally stored as uppercase in the AD (while others were lowercase), and ProFTPd was unable to find the home directory for the user, because it searched for "/home/USERNAME" while the actual directory was "/home/username". It returned a failure and the user was unable to log in.

So I needed also to introduce another patch (I don't have it at hand now, since I don't work on that server anymore) that lowercases the username before searching for the home directory. I made this lowercasing mandatory, but of course there also can be a configuration setting controlling this.

So while I don't have the actual patch right now, I kindly ask you to implement this.

--
Regards,
Jaroslaw Rafa
ra...@ra...
--
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
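
The objectSid-to-UID mapping mentioned in the quoted text, sketched as an added example that is not part of the original message and is not ProFTPD or sssd code. It assumes sssd's default ID-mapping settings (range 200000 to 2000200000, slice size 200000), the MurmurHash3 seed 0xdeadbeef, and a single domain with no slice collision; the sample SID is constructed.

```python
import struct

# Assumed sssd defaults: ldap_idmap_range_min / _max / _size, and its hash seed.
RANGE_MIN, RANGE_MAX, RANGE_SIZE = 200000, 2000200000, 200000
SEED, M32 = 0xDEADBEEF, 0xFFFFFFFF

def _rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & M32

def murmur3_32(data: bytes, seed: int) -> int:
    """MurmurHash3 (x86, 32-bit variant)."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h, nblocks = seed & M32, len(data) // 4
    for i in range(nblocks):
        k = struct.unpack_from("<I", data, 4 * i)[0]
        k = (_rotl((k * c1) & M32, 15) * c2) & M32
        h = (_rotl(h ^ k, 13) * 5 + 0xE6546B64) & M32
    tail = data[4 * nblocks:]
    if tail:  # 1-3 leftover bytes, read little-endian
        k = int.from_bytes(tail, "little")
        h ^= (_rotl((k * c1) & M32, 15) * c2) & M32
    h ^= len(data)
    h = ((h ^ (h >> 16)) * 0x85EBCA6B) & M32
    h = ((h ^ (h >> 13)) * 0xC2B2AE35) & M32
    return h ^ (h >> 16)

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid attribute value into S-1-... form."""
    if len(raw) < 12 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed objectSid")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % raw[1], raw, 8)  # little-endian
    return "S-%d-%d-%s" % (raw[0], authority, "-".join(map(str, subs)))

def sid_to_uid(sid: str) -> int:
    """Hash the domain SID to pick a slice, then add the RID as the offset."""
    domain_sid, _, rid = sid.rpartition("-")
    rid = int(rid)
    if rid >= RANGE_SIZE:
        raise ValueError("RID does not fit in the domain's first slice")
    slices = (RANGE_MAX - RANGE_MIN) // RANGE_SIZE
    slice_no = murmur3_32(domain_sid.encode("ascii"), SEED) % slices
    return RANGE_MIN + slice_no * RANGE_SIZE + rid

# Constructed sample: domain S-1-5-21-1111111111-2222222222-3333333333, RID 1105.
SAMPLE_SID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 1105)

if __name__ == "__main__":
    print(sid_to_str(SAMPLE_SID), "->", sid_to_uid(sid_to_str(SAMPLE_SID)))
```

Because the UID depends only on the SID and these settings, every host using the same settings derives the same UID for a given account, independent of how the username is cased in the directory.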