user-access/README.md

77 lines
1.4 KiB
Markdown
Raw Normal View History

2016-10-31 18:21:10 +00:00
File access with [ProFTPD](http://www.proftpd.org/) and ldap authentication.
2016-10-31 17:53:00 +00:00
# Volumes
- `/var/lib/proftp/data`: root directory for files
- `/etc/ssl/proftp:ro`: certificates have to be here
# Environment Variables
## SERVER_NAME
Name displayed to connecting users.
## PASSIVE_LOWER_BOUND
Lower bound for the passive port range.
## PASSIVE_UPPER_BOUND
Upper bound for the passive port range.
## TLS_PROTOCOL
- default: TLSv1.2
SSL/TLS protocol version to use.
## TLS_CIPHERS
- default: AES128+EECDH:AES128+EDH
Cipher list to use.
## CERT_NAME
- default: fullchain.pem
Name of the certificate file.
## KEY_NAME
- default: privkey.pem
Name of the key file.
## LDAP_URI
Full ldap uri with search qualifier.
For example: `ldap://ldap:389/??sub`
## LDAP_BASE
Base DN for ldap searches.
## LDAP_FILTER
Ldap [filter](http://www.proftpd.org/docs/directives/linked/config_ref_LDAPUsers.html) to find valid users.
`%u` is replaced with the username.
## LDAP_BIND_DN
DN to use when connecting to the ldap host.
## LDAP_BIND_PASSWORD
Password to use when connecting to the ldap host.
## LDAP_USE_TLS
- default: on
Whether to use tls when connecting to the ldap host.
## LDAP_USE_AUTH_BIND
- default: on
Whether to use auth bind with ldap.
# Ports
- 21
- All ports in the defined bounds
## Capabilities
- DAC_OVERRIDE
- NET_BIND_SERVICE
- SETGID
- SETUID
2016-10-31 19:45:16 +00:00
- SYS_CHROOT
-