add static user possibility

Dockerfile

@@ -2,7 +2,7 @@ FROM registry.gitlab.com/thallian/docker-confd-env:master
 
 RUN apk add --no-cache libressl openssh-client openldap zlib
 RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \
-    proftpd proftpd-mod_ldap proftpd-mod_sftp
+    proftpd proftpd-mod_ldap proftpd-mod_sftp proftpd-utils
 
 RUN addgroup -g 2222 access
 RUN addgroup proftpd access

README.md

@@ -8,8 +8,20 @@ File access with [ProFTPD](http://www.proftpd.org/) over sftp and ldap authentic
 ## SERVER_NAME
 Name displayed to connecting users.
 
+## STATIC_USER
+A static username for authentication.
+
+## STATIC_PASSWORD
+Password for the static user.
+
+## STATIC_UID
+Uid for the static user.
+
+## STATIC_GID
+Gid for the static user.
+
 ## LDAP_URI
-Full ldap uri with search qualifier.
+Full ldap uri with search qualifier. Disables ldap auth if empty.
 
 For example: `ldap://ldap:389/??sub`
 

rootfs/etc/confd/templates/proftpd.conf.tmpl

@@ -20,6 +20,10 @@ WtmpLog off
 LoadModule mod_ldap.c
 LoadModule mod_sftp.c
 
+{{if (getenv "STATIC_USER")}}
+AuthUserFile /etc/proftpd/passwd
+{{end}}
+
 <IfModule mod_sftp.c>
     SFTPEngine on
     SFTPAuthMethods password
@@ -28,6 +32,7 @@ LoadModule mod_sftp.c
     SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPUploadPerms
 </IfModule>
 
+{{if (getenv "LDAP_URI")}}
 <IfModule mod_ldap.c>
     AuthOrder mod_ldap.c
 
@@ -47,3 +52,4 @@ LoadModule mod_sftp.c
     LDAPGenerateHomedirPrefix /var/lib/ftp/data
     LDAPForceGeneratedHomedir on
 </IfModule>
+{{end}}

rootfs/etc/cont-init.d/04-static-user

@@ -0,0 +1,14 @@
+#!/usr/bin/with-contenv sh
+
+if [ ! -z ${STATIC_USER+x} ]; then
+    ftpasswd \
+        --sha512 \
+        --passwd \
+        --home /var/lib/ftp/data \
+        --uid ${STATIC_UID} \
+        --gid ${STATIC_GID} \
+        --name ${STATIC_USER} \
+        --shell /bin/sh \
+        --file /etc/proftpd/passwd \
+        --stdin ${STATIC_PASSWORD}
+fi