From 678d6d832b7f0f50bf12b912fcbd897d3b31f343 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Mon, 24 Aug 2020 09:55:47 +0200
Subject: [PATCH] remove ldap auth
---
 Dockerfile | 12 ++----
 README.md | 40 +-------------------
 rootfs/etc/confd/templates/proftpd.conf.tmpl | 22 -----------
 rootfs/etc/cont-init.d/04-static-user | 6 +--
 4 files changed, 7 insertions(+), 73 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 0399bfd..70ef3ac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,20 +1,14 @@
 FROM thallian/confd-env:latest
 RUN apk add --no-cache \
- libressl \
+ openssl \
 openssh-client \
- openldap \
- zlib
-
-RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
- libcrypto1.1
+ zlib \
+ perl
 RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \
 proftpd \
- proftpd-mod_ldap \
 proftpd-mod_sftp \
- proftpd-mod_auth_file \
- proftpd-mod_site_misc \
 proftpd-utils
 RUN addgroup -g 2222 access
diff --git a/README.md b/README.md
index d9991df..bf918e8 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,4 @@
-# NO LONGER MAINTAINED
-
-File access with [ProFTPD](http://www.proftpd.org/) over sftp and ldap authentication.
+File access with [ProFTPD](http://www.proftpd.org/) over sftp and a static user/password.
 # Volumes
 - `/var/lib/ftp/data`: root directory for files
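Review bot: In the Dockerfile hunk the package list drops `proftpd-mod_auth_file`, yet the template keeps `AuthUserFile /etc/proftpd/passwd` (visible on the `@@` line of the proftpd.conf.tmpl hunk) and the static-user init script still writes that file, so file-based authentication is now the only login path. Whether the edge `proftpd` package compiles that module in is not visible from this diff; if it does not, the directive or every login would fail at runtime. I would either keep the package or add a build-time check such as `RUN proftpd -l | grep -q mod_auth_file`, so a missing module fails the image build. The new `perl` line would also benefit from a comment above the `RUN`, e.g. `# perl: needed by the password-file tool from proftpd-utils`, if that is why it was added.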
@@ -22,41 +20,5 @@ Uid for the static user.
 ## STATIC_GID
 Gid for the static user.
-## LDAP_URI
-Full ldap uri with search qualifier. Disables ldap auth if empty.
-
-For example: `ldap://ldap:389/??sub`
-
-## LDAP_BASE
-Base DN for ldap searches.
-
-## LDAP_FILTER
-Ldap [filter](http://www.proftpd.org/docs/directives/linked/config_ref_LDAPUsers.html) to find valid users.
-
-`%u` is replaced with the username.
-
-## LDAP_BIND_DN
-DN to use when connecting to the ldap host.
-
-## LDAP_BIND_PASSWORD
-Password to use when connecting to the ldap host.
-
-## LDAP_USE_TLS
-- default: on
-
-Whether to use tls when connecting to the ldap host.
-
-## LDAP_USE_AUTH_BIND
-- default: on
-
-Whether to use auth bind with ldap.
-
 # Ports
 - 22
-
-## Capabilities
-- DAC_OVERRIDE
-- NET_BIND_SERVICE
-- SETGID
-- SETUID
-- SYS_CHROOT
diff --git a/rootfs/etc/confd/templates/proftpd.conf.tmpl b/rootfs/etc/confd/templates/proftpd.conf.tmpl
index d69d7d1..61b9806 100644
--- a/rootfs/etc/confd/templates/proftpd.conf.tmpl
+++ b/rootfs/etc/confd/templates/proftpd.conf.tmpl
@@ -30,25 +30,3 @@ AuthUserFile /etc/proftpd/passwd
 SFTPHostKey /etc/proftpd/keys/ssh_rsa_key
 SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPUploadPerms
-
-{{if (getenv "LDAP_URI")}}
-
- AuthOrder mod_ldap.c
-
- LDAPAttr uid cn
-
- LDAPServer {{getenv "LDAP_URI"}}
- LDAPUseTLS {{getenv "LDAP_USE_TLS" "on"}}
- LDAPAuthBinds {{getenv "LDAP_USE_AUTH_BIND" "on"}}
- LDAPBindDN "{{getenv "LDAP_BIND_DN"}}" {{getenv "LDAP_BIND_PASSWORD"}}
-
- LDAPUsers {{getenv "LDAP_BASE"}} "{{getenv "LDAP_FILTER"}}"
- LDAPDefaultUID 101
- LDAPDefaultGID 2222
- LDAPForceDefaultUID on
- LDAPForceDefaultGID on
- LDAPGenerateHomedir on
- LDAPGenerateHomedirPrefix /var/lib/ftp/data
- LDAPForceGeneratedHomedir on
-
-{{end}}
diff --git a/rootfs/etc/cont-init.d/04-static-user b/rootfs/etc/cont-init.d/04-static-user
index 3c73215..f5cdf5c 100644
--- a/rootfs/etc/cont-init.d/04-static-user
+++ b/rootfs/etc/cont-init.d/04-static-user
@@ -5,9 +5,9 @@ if [ ! -z ${STATIC_USER+x} ]; then
 --sha512 \
 --passwd \
 --home /var/lib/ftp/data \
- --uid ${STATIC_UID} \
- --gid ${STATIC_GID} \
- --name ${STATIC_USER} \
+ --uid "$STATIC_UID" \
+ --gid "$STATIC_GID" \
+ --name "$STATIC_USER" \
 --shell /bin/sh \
 --file /etc/proftpd/passwd \
 --stdin
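Review bot: The guard shown on the `@@` line, `if [ ! -z ${STATIC_USER+x} ]`, only tests that STATIC_USER is set, so the newly quoted `--uid "$STATIC_UID"` and `--gid "$STATIC_GID"` are still passed as empty strings when those variables are missing. Unless that is handled elsewhere, nothing visible here rejects a non-numeric value or a uid/gid of 0 for the SFTP account either. Before the command I would add `: "${STATIC_UID:?STATIC_UID must be set}"` and `: "${STATIC_GID:?STATIC_GID must be set}"`, plus a numeric, non-zero check if a root-mapped user is not intended. The `if` block and the command these options belong to begin above the hunk, and the block closes below it, so this is based only on the visible option lines.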