
Thread: example of using zimbra's ldap server for other things besides email


  1. #1

    Example of using Zimbra's LDAP server for other things besides email

    I don't know if this would be of any use to anyone else - probably not but you never know... perhaps it will at least serve as inspiration for how to access LDAP...

    I threw together an external authentication script for pure-ftpd that shares Zimbra's user accounts for the purpose of hosting virtual domains and thought I'd share.

    Anyway, here's some free code if anybody cares... Merry Christmas


    Code:
    #!/usr/bin/perl
    # Filename: ftp-auth-handler
    #
    # PureFTPD Custom Authentication via Zimbra LDAP for Virtual Web Hosting
    ################################################################################
    # 					<edward.nigma@gmail.com>	12.08.05
    #
    # Add the following to your /etc/pure-ftpd.conf:
    #	ExtAuth                       /var/run/ftpd.sock
    #
    # Usage:
    #	pure-authd -s /var/run/ftpd.sock -r /usr/local/src/ftp-auth-handler &
    #
    # ACL Config File:
    #	List user e-mail addresses one line at a time that are permitted to 
    #	access the webspace of the domain they belong to in the config file
    #	specified below. Custom home directories may be specified with a colon
    #	if you'd like to override the defaults...
    #
    #	Example:
    #		billy@bob.com		<-- will be sent to /home/virtualdomains/bob.com
    #		john@john.com		<-- will be sent to /home/virtualdomains/john.com
    #		sam@john.com:/home/sam	<-- will be sent to /home/sam
    #
    #	(If leo@bob.com attempts a login, it will fail even with a
    #	 correct password because they are not included in the list)
    #
    
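    use strict;
    use warnings;
    use Net::LDAP;
    
    # pure-authd external authentication handler.
    # Reads the FTP login from AUTHD_ACCOUNT / AUTHD_PASSWORD, checks the account
    # against the ACL file, verifies the password with an LDAP simple bind and
    # prints the result on stdout as "key:value" lines terminated by "end".
    
    # Configuration Below
    my $ldaphost = "127.0.0.1";	# zimbra server ip for ldap
    my $virtualuser = "virtualdomains";	# real user for virtual accounts
    my $uid = "1000";	# uid of real user for virtual accounts
    my $gid = "1000";	# gid of real user for virtual accounts
    # The ACL file decides who may log in and which directory they get, so it
    # should be writable by the administrator only.
    my $configfile = "/usr/local/src/ftp-auth-handler.conf";	# acl config file location
    
    # NOTE(review): every virtual account maps to the same uid/gid, so isolation
    # between domains depends on pure-ftpd confining each session to its own
    # directory - confirm the server is configured that way.
    
    # Refuse the login and stop. Every failure path goes through here so that
    # pure-authd always receives a complete answer (fail closed).
    # NOTE(review): pure-ftpd's documentation appears to distinguish auth_ok:0
    # (try the next authentication method) from auth_ok:-1 (hard failure);
    # confirm which one is wanted for a wrong password.
    sub _deny {
    	print "auth_ok:0\n";
    	print "end\n";
    	exit 0;
    }
    
    # Credentials handed over by pure-authd; both come from the FTP client.
    my $email = $ENV{'AUTHD_ACCOUNT'};
    my $password = $ENV{'AUTHD_PASSWORD'};
    
    # A simple bind with an empty password is an unauthenticated bind, which a
    # directory server may accept, so an empty password is never a valid login.
    _deny() unless defined $email && length $email;
    _deny() unless defined $password && length $password;
    
    # Accept only user@domain built from a conservative character set. The two
    # parts are later placed in an LDAP DN, a filesystem path and the line-based
    # reply, so DN metacharacters, '/', ':' and line breaks are refused here.
    # Widen the classes deliberately if your accounts need other characters.
    my ($username, $domain) =
    	$email =~ /\A([A-Za-z0-9._-]+)\@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)\z/;
    _deny() unless defined $username;
    
    # Check ACL list: one "address" or "address:directory" entry per line.
    my $priv = 0;
    my $customdir;
    my $acl;
    unless (open($acl, '<', $configfile)) {
    	warn "ftp-auth-handler: cannot read $configfile: $!\n";
    	_deny();
    }
    while (my $confline = <$acl>) {
    	$confline =~ s/\r?\n\z//;
    	next if $confline eq '';	# blank lines must never match an account
    	my ($confuser, $confdir) = split(/:/, $confline);
    	next unless defined $confuser && $confuser eq $email;
    	$priv = 1;
    	$customdir = $confdir if $confdir;
    }
    close($acl);
    
    # Only accounts listed in the ACL are allowed to reach the directory.
    _deny() unless $priv;
    
    # Attempt to bind with the FTP login.
    # NOTE(review): this is a plain LDAP connection. If $ldaphost is ever not the
    # local machine, use an ldaps:// URI or start_tls so the password is not sent
    # in clear text.
    my $dclist = join(',dc=', split(/\./, $domain));
    my $ldap = Net::LDAP->new($ldaphost);
    unless ($ldap) {
    	warn "ftp-auth-handler: cannot connect to LDAP host $ldaphost: $@\n";
    	_deny();
    }
    my $mesg = $ldap->bind("uid=$username,ou=people,dc=$dclist", password => $password);
    $ldap->unbind;
    _deny() if $mesg->code;	# non-zero result code: the bind was rejected
    
    # If successful tell PureFTPD to permit entry
    print "auth_ok:1\n";
    print "uid:$uid\n";
    print "gid:$gid\n";
    if ($customdir) {
    	print "dir:$customdir\n";
    } else {
    	print "dir:/home/$virtualuser/$domain\n";
    }
    print "end\n";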

  2. #2


    Quote Originally Posted by vitrum View Post
    I don't know if this would be of any use to anyone else - probably not but you never know... perhaps it will at least serve as inspiration for how to access LDAP...

    I threw together an external authentication script for pure-ftpd that shares Zimbra's user accounts for the purpose of hosting virtual domains and thought I'd share.

    Anyway, here's some free code if anybody cares... Merry Christmas


    Code:
    #!/usr/bin/perl
    # Filename: ftp-auth-handler
    #
    # PureFTPD Custom Authentication via Zimbra LDAP for Virtual Web Hosting
    ################################################################################
    # 					<edward.nigma@gmail.com>	12.08.05
    #
    # Add the following to your /etc/pure-ftpd.conf:
    #	ExtAuth                       /var/run/ftpd.sock
    #
    # Usage:
    #	pure-authd -s /var/run/ftpd.sock -r /usr/local/src/ftp-auth-handler &
    #
    # ACL Config File:
    #	List user e-mail addresses one line at a time that are permitted to 
    #	access the webspace of the domain they belong to in the config file
    #	specified below. Custom home directories may be specified with a colon
    #	if you'd like to override the defaults...
    #
    #	Example:
    #		billy@bob.com		<-- will be sent to /home/virtualdomains/bob.com
    #		john@john.com		<-- will be sent to /home/virtualdomains/john.com
    #		sam@john.com:/home/sam	<-- will be sent to /home/sam
    #
    #	(If leo@bob.com attempts a login, it will fail even with a
    #	 correct password because they are not included in the list)
    #
    
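    use strict;
    use warnings;
    use Net::LDAP;
    
    # pure-authd external authentication handler.
    # Reads the FTP login from AUTHD_ACCOUNT / AUTHD_PASSWORD, checks the account
    # against the ACL file, verifies the password with an LDAP simple bind and
    # prints the result on stdout as "key:value" lines terminated by "end".
    
    # Configuration Below
    my $ldaphost = "127.0.0.1";	# zimbra server ip for ldap
    my $virtualuser = "virtualdomains";	# real user for virtual accounts
    my $uid = "1000";	# uid of real user for virtual accounts
    my $gid = "1000";	# gid of real user for virtual accounts
    # The ACL file decides who may log in and which directory they get, so it
    # should be writable by the administrator only.
    my $configfile = "/usr/local/src/ftp-auth-handler.conf";	# acl config file location
    
    # NOTE(review): every virtual account maps to the same uid/gid, so isolation
    # between domains depends on pure-ftpd confining each session to its own
    # directory - confirm the server is configured that way.
    
    # Refuse the login and stop. Every failure path goes through here so that
    # pure-authd always receives a complete answer (fail closed).
    # NOTE(review): pure-ftpd's documentation appears to distinguish auth_ok:0
    # (try the next authentication method) from auth_ok:-1 (hard failure);
    # confirm which one is wanted for a wrong password.
    sub _deny {
    	print "auth_ok:0\n";
    	print "end\n";
    	exit 0;
    }
    
    # Credentials handed over by pure-authd; both come from the FTP client.
    my $email = $ENV{'AUTHD_ACCOUNT'};
    my $password = $ENV{'AUTHD_PASSWORD'};
    
    # A simple bind with an empty password is an unauthenticated bind, which a
    # directory server may accept, so an empty password is never a valid login.
    _deny() unless defined $email && length $email;
    _deny() unless defined $password && length $password;
    
    # Accept only user@domain built from a conservative character set. The two
    # parts are later placed in an LDAP DN, a filesystem path and the line-based
    # reply, so DN metacharacters, '/', ':' and line breaks are refused here.
    # Widen the classes deliberately if your accounts need other characters.
    my ($username, $domain) =
    	$email =~ /\A([A-Za-z0-9._-]+)\@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)\z/;
    _deny() unless defined $username;
    
    # Check ACL list: one "address" or "address:directory" entry per line.
    my $priv = 0;
    my $customdir;
    my $acl;
    unless (open($acl, '<', $configfile)) {
    	warn "ftp-auth-handler: cannot read $configfile: $!\n";
    	_deny();
    }
    while (my $confline = <$acl>) {
    	$confline =~ s/\r?\n\z//;
    	next if $confline eq '';	# blank lines must never match an account
    	my ($confuser, $confdir) = split(/:/, $confline);
    	next unless defined $confuser && $confuser eq $email;
    	$priv = 1;
    	$customdir = $confdir if $confdir;
    }
    close($acl);
    
    # Only accounts listed in the ACL are allowed to reach the directory.
    _deny() unless $priv;
    
    # Attempt to bind with the FTP login.
    # NOTE(review): this is a plain LDAP connection. If $ldaphost is ever not the
    # local machine, use an ldaps:// URI or start_tls so the password is not sent
    # in clear text.
    my $dclist = join(',dc=', split(/\./, $domain));
    my $ldap = Net::LDAP->new($ldaphost);
    unless ($ldap) {
    	warn "ftp-auth-handler: cannot connect to LDAP host $ldaphost: $@\n";
    	_deny();
    }
    my $mesg = $ldap->bind("uid=$username,ou=people,dc=$dclist", password => $password);
    $ldap->unbind;
    _deny() if $mesg->code;	# non-zero result code: the bind was rejected
    
    # If successful tell PureFTPD to permit entry
    print "auth_ok:1\n";
    print "uid:$uid\n";
    print "gid:$gid\n";
    if ($customdir) {
    	print "dir:$customdir\n";
    } else {
    	print "dir:/home/$virtualuser/$domain\n";
    }
    print "end\n";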
    Where can I get ftp-auth-handler.conf? Do I need to change virtualdomain to my own domain?
