Results 1 to 2 of 2

Thread: example of using zimbra's ldap server for other things besides email

  1. 12-08-2005, 11:34 PM #1
    vitrum
    vitrum is offline Junior Member
    Join Date
    Nov 2005
    Posts
    5
    Rep Power
    8

    Lightbulb example of using zimbra's ldap server for other things besides email

    I don't know if this would be of any use to anyone else - probably not but you never know... perhaps it will at least serve as inspiration for how to access LDAP...

    I threw together an external authentication script for pure-ftpd that shares Zimbra's user accounts for the purpose of hosting virtual domains and thought I'd share.

    Anyway, here's some free code if anybody cares... Merry Christmas


    Code:
    #!/usr/bin/perl
# Filename: ftp-auth-handler
#
# PureFTPD Custom Authentication via Zimbra LDAP for Virtual Web Hosting
################################################################################
# 					<edward.nigma@gmail.com>	12.08.05
#
# Add the following to your /etc/pure-ftpd.conf:
#	ExtAuth                       /var/run/ftpd.sock
#
# Usage:
#	pure-authd -s /var/run/ftpd.sock -r /usr/local/src/ftp-auth-handler &
#
# ACL Config File:
#	List user e-mail addresses one line at a time that are permitted to 
#	access the webspace of the domain they below to in the config file 
#	specified below. Custom home directories may be specified with a colon
#	if you'd like to override the defaults...
#
#	Example:
#		billy@bob.com		<-- will be sent to /home/virtualdomains/bob.com
#		john@john.com		<-- will be sent to /home/virtualdomains/john.com
#		sam@john.com:/home/sam	<-- will be sent to /home/sam
#
#	(If leo@bob.com attempts a login, it will fail even with a
#	 correct password because they are not included in the list)
#

use strict;
use Net::LDAP;

# Configuration Below
my $ldaphost = "127.0.0.1";	# zimbra server ip for ldap
my $virtualuser = "virtualdomains";	# real user for virtual accounts
my $uid = "1000";	# uid of real user for virtual accounts
my $gid = "1000";	# gid of real user for virtual accounts
my $configfile = "/usr/local/src/ftp-auth-handler.conf";	# acl config file location

# Declare our other values
my $auth = 0; my $priv = 0; my $customdir;
my $email = $ENV{'AUTHD_ACCOUNT'};
my $password = $ENV{'AUTHD_PASSWORD'};
my $domain = (split(/\@/, $email))[1];	
my $username = (split(/\@/, $email))[0];
my @dc = split(/\./, $domain);
my $dclist = join(',dc=', @dc);

# Check ACL list
open(CONFIG, $configfile);
while(<CONFIG>) {
	my $confline = $_;
	$confline =~ s/\n//g;
	my $confuser = (split(/:/, $confline))[0];
	my $confdir = (split(/:/, $confline))[1];	
	if ($confuser eq $email) { $priv = 1; if ($confdir) { $customdir = $confdir; } }
}
close(CONFIG);

# Attempt to bind with FTP login if ACL permits
if ($priv) {
	my $ldap = Net::LDAP->new($ldaphost) or die($@);
	my $mesg = $ldap->bind("uid=$username,ou=people,dc=$dclist", password => $password);
	$ldap->unbind;
	if ($mesg->code) {
		$auth = 0;
	} else {
		$auth = 1;
	}
}

# If sucessful tell PureFTPD to permit entry
if (($auth) && ($priv)) {
	print "auth_ok:1\n";
	print "uid:$uid\n";
	print "gid:$gid\n";
	if ($customdir) {
		print "dir:$customdir\n"; 
	} else { 
		print "dir:/home/$virtualuser/$domain\n";
	}
} else {
	print "auth_ok:0\n";
}
print "end\n";
    Reply With Quote Reply With Quote
  2. 01-09-2013, 08:12 PM #2
    zabidin2
    zabidin2 is offline New Member
    Join Date
    Dec 2012
    Posts
    3
    Rep Power
    1

    Default

    Quote Originally Posted by vitrum View Post
    I don't know if this would be of any use to anyone else - probably not but you never know... perhaps it will at least serve as inspiration for how to access LDAP...

    I threw together an external authentication script for pure-ftpd that shares Zimbra's user accounts for the purpose of hosting virtual domains and thought I'd share.

    Anyway, here's some free code if anybody cares... Merry Christmas


    Code:
    #!/usr/bin/perl
# Filename: ftp-auth-handler
#
# PureFTPD Custom Authentication via Zimbra LDAP for Virtual Web Hosting
################################################################################
# 					<edward.nigma@gmail.com>	12.08.05
#
# Add the following to your /etc/pure-ftpd.conf:
#	ExtAuth                       /var/run/ftpd.sock
#
# Usage:
#	pure-authd -s /var/run/ftpd.sock -r /usr/local/src/ftp-auth-handler &
#
# ACL Config File:
#	List user e-mail addresses one line at a time that are permitted to 
#	access the webspace of the domain they below to in the config file 
#	specified below. Custom home directories may be specified with a colon
#	if you'd like to override the defaults...
#
#	Example:
#		billy@bob.com		<-- will be sent to /home/virtualdomains/bob.com
#		john@john.com		<-- will be sent to /home/virtualdomains/john.com
#		sam@john.com:/home/sam	<-- will be sent to /home/sam
#
#	(If leo@bob.com attempts a login, it will fail even with a
#	 correct password because they are not included in the list)
#

use strict;
use Net::LDAP;

# Configuration Below
my $ldaphost = "127.0.0.1";	# zimbra server ip for ldap
my $virtualuser = "virtualdomains";	# real user for virtual accounts
my $uid = "1000";	# uid of real user for virtual accounts
my $gid = "1000";	# gid of real user for virtual accounts
my $configfile = "/usr/local/src/ftp-auth-handler.conf";	# acl config file location

# Declare our other values
my $auth = 0; my $priv = 0; my $customdir;
my $email = $ENV{'AUTHD_ACCOUNT'};
my $password = $ENV{'AUTHD_PASSWORD'};
my $domain = (split(/\@/, $email))[1];	
my $username = (split(/\@/, $email))[0];
my @dc = split(/\./, $domain);
my $dclist = join(',dc=', @dc);

# Check ACL list
open(CONFIG, $configfile);
while(<CONFIG>) {
	my $confline = $_;
	$confline =~ s/\n//g;
	my $confuser = (split(/:/, $confline))[0];
	my $confdir = (split(/:/, $confline))[1];	
	if ($confuser eq $email) { $priv = 1; if ($confdir) { $customdir = $confdir; } }
}
close(CONFIG);

# Attempt to bind with FTP login if ACL permits
if ($priv) {
	my $ldap = Net::LDAP->new($ldaphost) or die($@);
	my $mesg = $ldap->bind("uid=$username,ou=people,dc=$dclist", password => $password);
	$ldap->unbind;
	if ($mesg->code) {
		$auth = 0;
	} else {
		$auth = 1;
	}
}

# If sucessful tell PureFTPD to permit entry
if (($auth) && ($priv)) {
	print "auth_ok:1\n";
	print "uid:$uid\n";
	print "gid:$gid\n";
	if ($customdir) {
		print "dir:$customdir\n"; 
	} else { 
		print "dir:/home/$virtualuser/$domain\n";
	}
} else {
	print "auth_ok:0\n";
}
print "end\n";
    Where i can get ftp-auth-handler.conf? Do i need to change virtualdomain to my own domain?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

LinkBacks (?)

  1. Web Link
    Refback This thread
    09-12-2007, 02:46 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. initializing ldap...FAILED(256)ERROR
    By manjunath in forum Installation
    Replies: 39
    Last Post: 06-07-2013, 10:27 AM
  2. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 12:42 AM
  3. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  4. upgrade to 4.0.3 antispam does'nt work
    By lucanannipieri in forum Administrators
    Replies: 14
    Last Post: 11-07-2006, 02:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules