You might look into using the mod_proxy module for ProFTPD. You could configure it to be a reverse FTP proxy, with users authenticated by the proxy, and with a different set of credentials used to log in to your backend servers.
For example:
    # Authenticate via LDAP
    <IfModule mod_ldap.c>
      # Add your mod_ldap configuration here
      ...
      AuthOrder mod_ldap.c
    </IfModule>

    <IfModule mod_proxy.c>
      ProxyEngine on
      ProxyTables /var/ftpd/proxy/
      ProxyRole reverse
      ProxyReverseServers ftp://server1:[email protected] ftp://server2:[email protected]

      # Tell mod_proxy to authenticate users locally (e.g. via mod_ldap)
      ProxyOptions UseReverseProxyAuth
    </IfModule>

We use ProFTPD's mod_ldap for LDAP authentication, and tell mod_proxy to authenticate users locally (versus having the selected backend server authenticate the user). Finally, notice that the backend server URLs for the ProxyReverseServers directive use the URL syntax that contains a username/password. That syntax is used to configure/override the username/password that mod_proxy uses when authenticating to the backend server.

This means that your users (the "frontend" clients) would authenticate normally, using their LDAP username/password, to mod_proxy. The proxy, when connecting to your servers, uses the usernames/passwords that you don't necessarily want to share with your users.
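
With this setup the backend passwords sit in cleartext in the proxy's configuration file, so that file is worth auditing. The following is an added example (not part of the original answer and not ProFTPD code): it lists ProxyReverseServers URLs that carry embedded credentials without echoing the password, and checks whether the file is readable by group or others. The sample config, host names and function names are constructed for illustration.

```python
import os
import stat
from urllib.parse import urlsplit

# Constructed sample config; hosts and credentials are placeholders.
SAMPLE_CONF = """\
<IfModule mod_proxy.c>
  ProxyEngine on
  ProxyRole reverse
  # ProxyReverseServers ftp://old:oldpw@legacy.example.internal
  ProxyReverseServers ftp://svc1:s3cret@backend1.example.internal ftp://backend2.example.internal:2121
  ProxyOptions UseReverseProxyAuth
</IfModule>
"""


def find_embedded_credentials(conf_text):
    """Return (line_no, host, username, has_password) for every backend URL
    in a ProxyReverseServers directive that carries a username/password."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        stripped = raw.strip()
        if stripped.startswith("#"):          # skip commented-out directives
            continue
        tokens = stripped.split()
        if not tokens or tokens[0].lower() != "proxyreverseservers":
            continue
        for url in tokens[1:]:
            parts = urlsplit(url)
            if parts.username is not None:
                # Record only that a password exists, never its value.
                findings.append((line_no, parts.hostname, parts.username,
                                 parts.password is not None))
    return findings


def readable_by_others(path):
    """True if group or other can read the file holding those credentials."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for line_no, host, user, has_pw in find_embedded_credentials(SAMPLE_CONF):
        state = "set" if has_pw else "absent"
        print(f"line {line_no}: backend {host} user {user} password {state}")
```
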