LDAP, FTP & no such user found

So I'm trying out OpenMediaVault in a virtualbox environment to see if I should switch to it (so far it seems really good, except this little thing). I've added the LDAP plugin, configured it correctly (I assume since the Users and Group settings now show the LDAP users and groups also). I then created a share, gave an LDAP group Read/Write permission, added it as an FTP share. Next step, tried to login in on the FTP using an LDAP user that is a member of the group with permission and...no sucess.

Checking the log for FTP I see an error that says "127.0.0.1 (::ffff:10.10.10.2[::ffff 10.10.10.2]) - USER test:: no such user found from ::ffff:10.10.10.2 [::ffff:10.10.10.2] to ::ffff:10.10.10.3:21". At this moment I started checking the config for the FTP and unchecked the option for "Deny logins which do not have a valid shell" and tried again and got the same result.

Should it be possible to do what I am trying to? If so any ideas of what I'm doing wrong?

Software:
OpenMediaVault 0.5.48
OpenMediaVault-LDAP 0.5.4
LDAP: Zentyal 3.4

Zitat von "tekkbebe"

The openmediavault-ldap plugin is a client to connect to OpenLDAP servers that are not on your OMV. You would have to setup an OpenLDAP server to do what you are trying.

Yes I know. Sorry for not being clearer in the initial post.

I've set up one virtual machine running Zentyal 3.4, another machine running OpenMediaVault (and a third one running IPFire for routing).

The Zentyal machine is up and running (contains users and groups) and I've then used the LDAP-plugin to connect to Zentyal. When I go to Users or Groups in OpenMediaVault the users and groups that are created in Zentyal is present, which to me seems to indicate that connection between OpenMediaVault and Zentyal is correctly setup and working.

Despite these signs that the connection is working I still get the error about no user found when trying to connect to OpenMediaVault by FTP. If I create a local user in OpenMediaVault I can login using FTP so it has something to do with the LDAP integration.

Zitat von "tekkbebe"

When you are connected to the OpenLDAP server run this command and give me sample output of the LDAP users:

cat /etc/password

Before you try this below try making the ftp shared folder the home location for the users.

Look this over, it does not seem as easy as you might have first thought:

https://forum.zentyal.org/index.php?topic=441.0

Alles anzeigen

cat /etc/passwd does not contain my LDAP user (but that is hardly surprising since it is an LDAP user). Running getent passwd will however list the LDAP test user.

May I ask what the purpose of changing the home location for users to the ftp-folder? I have a hard time seeing how that will help in this case since everything works if I create a local OpenMediaVault user. To me that seems to indicate that the FTP module is working as it should, it just isn't fetching the authentication information from LDAP (since the error message I receive when I try with the LDAP user is that it can't be found).

As for Zentyal forum link I'm a bit confused. Not about the instructions but rather why it is posted. According to this post: http://www.openmediavault.org/?p=782 it seems like what I'm trying to achive should be possible, and without any manually modifactions of profptd.conf.

If something has changed since that post was made then what is the current status? What works with LDAP and what doesn't work? What can the LDAP-plugin provide?

I do appreciate that your trying to help me but if possible I would appreciate some more reasoning behind the steps you're recommending, since I have a hard time seeing how they could relate to my issue.

Zitat von "bakman"

...
It's no problem for me, I only use the LDAP for authentication and file permissions verification. This however yet needs to be verified.

Have you been able to get the authentication working?

I've had some time to troubleshoot this issue and I have some interesting findings. I'm able to login with the LDAP user (at the shell prompt) but I'm still unable to authenticate when using FTP.

I've noticed that proftpd has it's own pam-config, could it have something to do with that? The investigation is ongoing...

So not having any success figuring out why I can use the LDAP accounts to login on the OpenMediaVault machine but not use them to access the FTP server I thought I'd try SAMBA and see how it works.

When I wasn't able to login using my LDAP accounts I thought I'd give troubleshooting a go. Running pdbedit I got this:

Command: pdbedit -L -v

smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=OPENMEDIAVAULT))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_domain_info: Got no domain info entries for domain
add_new_domain_info: Adding new domain
add_new_domain_info: failed to add domain dn= sambaDomainName=OPENMEDIAVAULT,dc=ad,dc=kalen71,dc=se with: Invalid DN syntax
	invalid DN
smbldap_search_domain_info: Adding domain info for OPENMEDIAVAULT failed with NT_STATUS_UNSUCCESSFUL
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
smbldap_search_paged: base => [dc=ad,dc=kalen71,dc=se], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024]
smbldap_search_paged: search was successful

Question is, are these issues caused by the implementation in OpenMediaVault or by Zentyals LDAP?