remove ldap auth
parent
d7a5f7628a
commit
678d6d832b
12
Dockerfile
12
Dockerfile
@ -1,20 +1,14 @@
|
||||
FROM thallian/confd-env:latest
|
||||
|
||||
RUN apk add --no-cache \
|
||||
libressl \
|
||||
openssl \
|
||||
openssh-client \
|
||||
openldap \
|
||||
zlib
|
||||
|
||||
RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
|
||||
libcrypto1.1
|
||||
zlib \
|
||||
perl
|
||||
|
||||
RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \
|
||||
proftpd \
|
||||
proftpd-mod_ldap \
|
||||
proftpd-mod_sftp \
|
||||
proftpd-mod_auth_file \
|
||||
proftpd-mod_site_misc \
|
||||
proftpd-utils
|
||||
|
||||
RUN addgroup -g 2222 access
|
||||
|
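Review bot: The ProFTPD packages are still fetched from `http://dl-cdn.alpinelinux.org/alpine/edge/community` on top of `FROM thallian/confd-env:latest`, so the image that serves SFTP logins is built from an unpinned base plus a rolling repository over plain HTTP. apk checks the signed repository index, so the transport is not by itself an integrity break, but nothing fixes which proftpd build or base release a rebuild picks up. Use `https://dl-cdn.alpinelinux.org/alpine/edge/community` (assuming the base image ships a CA bundle) and pin the base, e.g. `FROM thallian/confd-env:<tag>@sha256:<digest>` with the real values filled in. The rendering lost the `+`/`-` markers, so it is unclear whether the `edge/main` line survives on the new side; if it does, the same change applies there.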
40
README.md
40
README.md
@ -1,6 +1,4 @@
|
||||
# NO LONGER MAINTAINED
|
||||
|
||||
File access with [ProFTPD](http://www.proftpd.org/) over sftp and ldap authentication.
|
||||
File access with [ProFTPD](http://www.proftpd.org/) over sftp and a static user/password.
|
||||
|
||||
# Volumes
|
||||
- `/var/lib/ftp/data`: root directory for files
|
||||
@ -22,41 +20,5 @@ Uid for the static user.
|
||||
## STATIC_GID
|
||||
Gid for the static user.
|
||||
|
||||
## LDAP_URI
|
||||
Full ldap uri with search qualifier. Disables ldap auth if empty.
|
||||
|
||||
For example: `ldap://ldap:389/??sub`
|
||||
|
||||
## LDAP_BASE
|
||||
Base DN for ldap searches.
|
||||
|
||||
## LDAP_FILTER
|
||||
Ldap [filter](http://www.proftpd.org/docs/directives/linked/config_ref_LDAPUsers.html) to find valid users.
|
||||
|
||||
`%u` is replaced with the username.
|
||||
|
||||
## LDAP_BIND_DN
|
||||
DN to use when connecting to the ldap host.
|
||||
|
||||
## LDAP_BIND_PASSWORD
|
||||
Password to use when connecting to the ldap host.
|
||||
|
||||
## LDAP_USE_TLS
|
||||
- default: on
|
||||
|
||||
Whether to use tls when connecting to the ldap host.
|
||||
|
||||
## LDAP_USE_AUTH_BIND
|
||||
- default: on
|
||||
|
||||
Whether to use auth bind with ldap.
|
||||
|
||||
# Ports
|
||||
- 22
|
||||
|
||||
## Capabilities
|
||||
- DAC_OVERRIDE
|
||||
- NET_BIND_SERVICE
|
||||
- SETGID
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
|
@ -30,25 +30,3 @@ AuthUserFile /etc/proftpd/passwd
|
||||
SFTPHostKey /etc/proftpd/keys/ssh_rsa_key
|
||||
SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPUploadPerms
|
||||
</IfModule>
|
||||
|
||||
{{if (getenv "LDAP_URI")}}
|
||||
<IfModule mod_ldap.c>
|
||||
AuthOrder mod_ldap.c
|
||||
|
||||
LDAPAttr uid cn
|
||||
|
||||
LDAPServer {{getenv "LDAP_URI"}}
|
||||
LDAPUseTLS {{getenv "LDAP_USE_TLS" "on"}}
|
||||
LDAPAuthBinds {{getenv "LDAP_USE_AUTH_BIND" "on"}}
|
||||
LDAPBindDN "{{getenv "LDAP_BIND_DN"}}" {{getenv "LDAP_BIND_PASSWORD"}}
|
||||
|
||||
LDAPUsers {{getenv "LDAP_BASE"}} "{{getenv "LDAP_FILTER"}}"
|
||||
LDAPDefaultUID 101
|
||||
LDAPDefaultGID 2222
|
||||
LDAPForceDefaultUID on
|
||||
LDAPForceDefaultGID on
|
||||
LDAPGenerateHomedir on
|
||||
LDAPGenerateHomedirPrefix /var/lib/ftp/data
|
||||
LDAPForceGeneratedHomedir on
|
||||
</IfModule>
|
||||
{{end}}
|
||||
|
@ -5,9 +5,9 @@ if [ ! -z ${STATIC_USER+x} ]; then
|
||||
--sha512 \
|
||||
--passwd \
|
||||
--home /var/lib/ftp/data \
|
||||
--uid ${STATIC_UID} \
|
||||
--gid ${STATIC_GID} \
|
||||
--name ${STATIC_USER} \
|
||||
--uid "$STATIC_UID" \
|
||||
--gid "$STATIC_GID" \
|
||||
--name "$STATIC_USER" \
|
||||
--shell /bin/sh \
|
||||
--file /etc/proftpd/passwd \
|
||||
--stdin
|
||||
|
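Review bot: `--uid "$STATIC_UID"` and `--gid "$STATIC_GID"` (the quoted forms, which appear to be the new side) are passed without any check that the variables are set. The enclosing test visible in the hunk header, `if [ ! -z ${STATIC_USER+x} ]`, only looks at STATIC_USER, and the `+x` form is true even when that variable is an empty string. With the quoting in place an unset value reaches the command as an empty argument rather than failing early, so the entry written to `/etc/proftpd/passwd` may not have the uid or gid the operator intended. Add guards before the command, e.g. `: "${STATIC_UID:?STATIC_UID must be set}"` and the same for STATIC_GID, and test `[ -n "${STATIC_USER:-}" ]` instead. The command these options belong to starts above the hunk, so how the password reaches `--stdin` is not visible here.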