LDAP Support
by Rana Bhattacharyya
Overview
The LdapUserManager is a user manager implementation that authenticates against an LDAP server through a JNDI login, using the connection settings given in the ftp server configuration. Use the LdapUserManager if your username and credential information are stored in an LDAP server that is reachable through a JNDI LDAP provider.
This user manager has been tested with Netscape Directory Server 4.1. LDAP requires a non-empty password for simple authentication, so instead of an empty-string password ("") a single space (" ") is used. The required LDAP attribute types are:
- memberuid
- uid
- cn
- sn
- userpassword
- objectclass
- enableflag (created by ftp-db.ldif file)
- homedirectory
- writepermission (created by ftp-db.ldif file)
- idletime (created by ftp-db.ldif file)
- uploadrate (created by ftp-db.ldif file)
- downloadrate (created by ftp-db.ldif file)
Some of the attribute types listed above are created by the ftp-db.ldif schema file. The schema file also creates an object class called ftpUsers, derived from inetOrgPerson, which carries all of these attributes. Assumed LDAP objectclass hierarchy:
top
|
person
|
organizationalPerson
|
inetOrgPerson
|
ftpUsers
Load the LDAP schema ftp-db.ldif to add the user manager attributes. The command to load the schema is:
ldapmodify -v -h localhost -p 389 -D "cn=Directory Manager" -w <password> -f ftp-db.ldif
Change the host, port, user and password parameters to match your directory server.
Configuration
ftp-assembly.xml
The first step is to make sure that the right user manager implementation is used. The fully qualified name of the LDAP based user manager is org.apache.ftpserver.LdapUserManager, so this class name has to be used in the ftp-assembly.xml file. The user-manager block should be:
<!-- user manager block -->
<block class="org.apache.ftpserver.usermanager.LdapUserManager" name="user-manager"/>
ftp-config.xml
The next step is to supply the appropriate configuration parameters by modifying the ftp-config.xml file:
<!-- LDAP based user manager -->
<url>ldap://localhost:389</url>
<admin>cn=Directory Manager</admin>
<password>password</password>
<authentication>simple</authentication>
<root>ou=people,o=apache.org</root>
<prefix>uid=</prefix>
<suffix>,ou=people,o=apache.org</suffix>
Configuration parameters:
- url : The LDAP URL of the LDAP server. For example, the URL ldap://localhost:389 means LDAP is installed on the local machine and listens on port 389.
- admin : This is the distinguished name (DN) of the LDAP administrator.
- password : LDAP administrator's password.
- authentication : Security level to use. This defaults to "simple".
- root : The LDAP root where the ftp users will be stored.
- prefix : A prefix added to the username to form the user distinguished name (DN). See suffix for more information.
- suffix : A suffix added to the username when forming the user distinguished name (DN). This is useful if you prompt a user for a username and do not want the user to have to enter the full distinguished name. Using this property together with prefix, the user DN is formed as String userDN = prefix + username + suffix;
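The following is an added example, not code from the Apache FtpServer project, illustrating the two points made on this page: how the user DN is assembled from prefix, username and suffix, and why an empty password must never be sent in a simple bind. The constants mirror the ftp-config.xml fragment above; the class name, the RFC 4514 escaping helper, and the empty-password check are assumptions added here (the page only states the concatenation prefix + username + suffix). The JNDI property names and com.sun.jndi.ldap.LdapCtxFactory are the standard ones from the JDK.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapFtpAuthExample {
    // Values taken from the ftp-config.xml fragment on this page.
    static final String URL = "ldap://localhost:389";
    static final String AUTHENTICATION = "simple";
    static final String PREFIX = "uid=";
    static final String SUFFIX = ",ou=people,o=apache.org";

    /**
     * Escape a single attribute value according to RFC 4514 (added here, not
     * part of the page). Without escaping, a username containing ',' or '='
     * would alter the structure of the DN instead of staying one RDN value.
     */
    static String escapeDnValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\0') {               // NUL must be hex-escaped
                sb.append("\\00");
                continue;
            }
            boolean edgeSpace = c == ' ' && (i == 0 || i == value.length() - 1);
            boolean leadingHash = c == '#' && i == 0;
            if ("\\,+\"<>;=".indexOf(c) >= 0 || edgeSpace || leadingHash) {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** The page's formula, userDN = prefix + username + suffix, with the value escaped. */
    static String userDn(String username) {
        return PREFIX + escapeDnValue(username) + SUFFIX;
    }

    /**
     * Simple bind as the user. Returns true if the directory accepts the
     * credentials, false if it rejects them; other NamingExceptions
     * (unreachable server, bad URL) propagate to the caller.
     */
    static boolean authenticate(String username, String password) throws NamingException {
        if (password == null || password.isEmpty()) {
            // A simple bind with empty credentials is an anonymous bind, which
            // many servers accept. This is the reason the page substitutes a
            // single space for an empty password; rejecting it outright is safer.
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, AUTHENTICATION);
        env.put(Context.SECURITY_PRINCIPAL, userDn(username));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();   // bind succeeded
            return true;
        } catch (AuthenticationException e) {
            return false;                          // invalid credentials (LDAP result 49)
        }
    }

    public static void main(String[] args) {
        System.out.println(userDn("alice"));
        System.out.println(userDn("alice,ou=admins"));
    }
}
```

Running the main method shows the difference escaping makes: the first DN is the plain uid entry under the configured root, while in the second the comma inside the username is backslash-escaped, so the value remains a single uid RDN rather than introducing an extra ou component. The authenticate method requires a live directory at the configured URL; the DN helpers run stand-alone.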