remove ldap auth

Sebastian Hugentobler 2020-08-24 09:55:47 +02:00
parent d7a5f7628a
commit 678d6d832b
4 changed files with 7 additions and 73 deletions


@ -1,20 +1,14 @@
FROM thallian/confd-env:latest FROM thallian/confd-env:latest
RUN apk add --no-cache \ RUN apk add --no-cache \
libressl \ openssl \
openssh-client \ openssh-client \
openldap \ zlib \
zlib perl
RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
libcrypto1.1
RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \ RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \
proftpd \ proftpd \
proftpd-mod_ldap \
proftpd-mod_sftp \ proftpd-mod_sftp \
proftpd-mod_auth_file \
proftpd-mod_site_misc \
proftpd-utils proftpd-utils
RUN addgroup -g 2222 access RUN addgroup -g 2222 access
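Review bot: The remaining `RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/community \` line still installs proftpd from the rolling edge branch over plain HTTP with no version pins, and `FROM thallian/confd-env:latest` is unpinned, so two builds of this file can produce different, unreviewed package sets. apk verifies signatures on the repository index, so HTTP is not by itself an integrity break, but using `--repository https://dl-cdn.alpinelinux.org/alpine/edge/community` and pinning the base image to a fixed tag or digest would stop the build relying on that one control. With the edge/main `libcrypto1.1` install dropped, please confirm the edge proftpd build still links against the crypto library shipped in the base image. The config hunk's header context still shows `AuthUserFile /etc/proftpd/passwd`, so it is also worth confirming that file-based auth loads without the `proftpd-mod_auth_file` package.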


@ -1,6 +1,4 @@
# NO LONGER MAINTAINED File access with [ProFTPD](http://www.proftpd.org/) over sftp and a static user/password.
File access with [ProFTPD](http://www.proftpd.org/) over sftp and ldap authentication.
# Volumes # Volumes
- `/var/lib/ftp/data`: root directory for files - `/var/lib/ftp/data`: root directory for files
@ -22,41 +20,5 @@ Uid for the static user.
## STATIC_GID ## STATIC_GID
Gid for the static user. Gid for the static user.
## LDAP_URI
Full ldap uri with search qualifier. Disables ldap auth if empty.
For example: `ldap://ldap:389/??sub`
## LDAP_BASE
Base DN for ldap searches.
## LDAP_FILTER
Ldap [filter](http://www.proftpd.org/docs/directives/linked/config_ref_LDAPUsers.html) to find valid users.
`%u` is replaced with the username.
## LDAP_BIND_DN
DN to use when connecting to the ldap host.
## LDAP_BIND_PASSWORD
Password to use when connecting to the ldap host.
## LDAP_USE_TLS
- default: on
Whether to use tls when connecting to the ldap host.
## LDAP_USE_AUTH_BIND
- default: on
Whether to use auth bind with ldap.
# Ports # Ports
- 22 - 22
## Capabilities
- DAC_OVERRIDE
- NET_BIND_SERVICE
- SETGID
- SETUID
- SYS_CHROOT


@ -30,25 +30,3 @@ AuthUserFile /etc/proftpd/passwd
SFTPHostKey /etc/proftpd/keys/ssh_rsa_key SFTPHostKey /etc/proftpd/keys/ssh_rsa_key
SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPUploadPerms SFTPOptions IgnoreSCPUploadPerms IgnoreSFTPUploadPerms
</IfModule> </IfModule>
{{if (getenv "LDAP_URI")}}
<IfModule mod_ldap.c>
AuthOrder mod_ldap.c
LDAPAttr uid cn
LDAPServer {{getenv "LDAP_URI"}}
LDAPUseTLS {{getenv "LDAP_USE_TLS" "on"}}
LDAPAuthBinds {{getenv "LDAP_USE_AUTH_BIND" "on"}}
LDAPBindDN "{{getenv "LDAP_BIND_DN"}}" {{getenv "LDAP_BIND_PASSWORD"}}
LDAPUsers {{getenv "LDAP_BASE"}} "{{getenv "LDAP_FILTER"}}"
LDAPDefaultUID 101
LDAPDefaultGID 2222
LDAPForceDefaultUID on
LDAPForceDefaultGID on
LDAPGenerateHomedir on
LDAPGenerateHomedirPrefix /var/lib/ftp/data
LDAPForceGeneratedHomedir on
</IfModule>
{{end}}


@ -5,9 +5,9 @@ if [ ! -z ${STATIC_USER+x} ]; then
--sha512 \ --sha512 \
--passwd \ --passwd \
--home /var/lib/ftp/data \ --home /var/lib/ftp/data \
--uid ${STATIC_UID} \ --uid "$STATIC_UID" \
--gid ${STATIC_GID} \ --gid "$STATIC_GID" \
--name ${STATIC_USER} \ --name "$STATIC_USER" \
--shell /bin/sh \ --shell /bin/sh \
--file /etc/proftpd/passwd \ --file /etc/proftpd/passwd \
--stdin --stdin
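Review bot: The newly quoted `"$STATIC_UID"`, `"$STATIC_GID"` and `"$STATIC_USER"` arguments are passed to the password-file tool even when empty, and the only guard visible (in the hunk header) tests that STATIC_USER is set, not that the three values are non-empty or that the ids are numeric. With LDAP removed this appears to be the only login account, so I would fail fast before the call with `: "${STATIC_UID:?STATIC_UID must be set}"` and the same for STATIC_GID. I would also reject a uid of 0, so the SFTP user is never mapped to root. The enclosing `if` block starts and ends outside the hunk, so a check elsewhere in the script cannot be ruled out.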