Experimental support for Filezilla Server and LDAP directory

Posted: 2009-04-16 09:42
by kontumenin
Moderator comment: This project's homepage is http://sourceforge.net/projects/fzldap.
Download
http://sourceforge.net/projects/fzldap

Works for me ;)


FILES:
- Filezilla server.exe
  With support for LDAP
- oldapcheck.exe
  Command line utility only for testing purposes
- oldapcheck.ini
  Configuration file
  a) server=ldap.2uclm.es
     The LDAP server to connect to. I have tested with AD.
  b) domain=@2uclm.es
     For authentication with the @ character
  c) TLS=N
     If you set TLS=Y for security, you must create the file C:\OpenLdap\sysconf\ldap.conf with this:
     TLS_REQCERT never
     TLS_CACERT C:\OpenLdap\sysconf\certs\my_ldap_cert.pem
     A good explanation is at: http://www.novell.com/coolsolutions/tip/5838.html

Installation.
1) Stop the Filezilla Server.exe daemon
2) Copy the Filezilla Server.exe, oldapcheck.exe and oldapcheck.ini files into the application directory, for example: c:\Program Files\Filezilla Server
3) Start the Filezilla Server daemon.
4) In oldapcheck.ini set the correct values. If you want a secure connection, set TLS=Y in oldapcheck.ini

HOWTO:
- If my user in AD is Rodolfo.Martinez@2uclm.es, in Filezilla it must be Rodolfo.Martinez
- The application first checks the local password, and second checks the LDAP password

I'm Spanish, sorry for my English
mail: jcarlos # albacete.org


The source code (sorry, I'm a newbie in C++):

==========================================================
ADD In Permissions.cpp 
==========================================================
#include <ldap.h>
#include <string.h>

// Bind to the directory as "user@domain" with the supplied password.
// Returns true only when the simple bind succeeds.
bool check_openldapint(bool bssl, const char *server, const char *domain, const char *user, const char *passwd)
{
	// An empty password would be an unauthenticated (anonymous) bind, which
	// many directories accept; never treat that as a successful login.
	if (!user || !domain || !passwd || passwd[0] == '\0')
		return false;

	// Build "user@domain" and refuse input that would not fit the buffer.
	char usr[256];
	if (strlen(user) + strlen(domain) >= sizeof(usr))
		return false;
	strcpy(usr, user);
	strcat(usr, domain);

	LDAP *ld = ldap_init(server, LDAP_PORT);
	if (ld == NULL)
		return false;

	// LDAPv3 is required for StartTLS and is what AD expects, so set it always.
	int version = LDAP_VERSION3;
	if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS)
	{
		ldap_unbind(ld);
		return false;
	}

	// With TLS=Y the bind must not fall back to clear text if StartTLS fails.
	// Certificate checking is governed by ldap.conf: TLS_REQCERT never accepts any certificate.
	if (bssl && ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
	{
		ldap_unbind(ld);
		return false;
	}

	int ret = ldap_simple_bind_s(ld, usr, passwd);
	ldap_unbind(ld);

	return ret == LDAP_SUCCESS;
}

// Read oldapcheck.ini from the application directory and run the directory check.
bool check_openldap(const char *user, const char *passwd)
{
	wchar_t lpIni[MAX_PATH + 1];
	wchar_t servidor[100];
	wchar_t dominio[50];
	wchar_t conssl[50];
	char sser[100], ddom[50];

	// GetModuleFileName takes the buffer size in characters, not bytes.
	if (::GetModuleFileName(0, lpIni, MAX_PATH) == 0)
		return false;
	lpIni[MAX_PATH] = L'\0';

	// Strip the executable name, keeping the directory and its trailing backslash.
	wchar_t *slash = wcsrchr(lpIni, L'\\');
	if (slash)
		*(slash + 1) = L'\0';
	if (wcslen(lpIni) + wcslen(L"oldapcheck.ini") > MAX_PATH)
		return false;
	wcscat(lpIni, L"oldapcheck.ini");

	GetPrivateProfileString(L"settings", L"server", L"test.dsi.2uclm.es", servidor, 100, lpIni);
	GetPrivateProfileString(L"settings", L"domain", L"@2uclm.es", dominio, 50, lpIni);
	GetPrivateProfileString(L"settings", L"TLS", L"Y", conssl, 50, lpIni);
	bool bSsl = (wcscmp(conssl, L"Y") == 0);

	wcstombs(sser, servidor, sizeof(sser));
	wcstombs(ddom, dominio, sizeof(ddom));
	sser[sizeof(sser) - 1] = '\0';
	ddom[sizeof(ddom) - 1] = '\0';

	return check_openldapint(bSsl, sser, ddom, user, passwd);
}

==========================================================
MODIFY In Permissions.cpp 
==========================================================
BOOL CPermissions::CheckUserLogin(LPCTSTR username, LPCTSTR pass, CUser &userdata, BOOL noPasswordCheck /*=FALSE*/)
{
	const char *tmp = ConvToNetwork(pass);
	if (!tmp)
		return FALSE;

	MD5 md5;
	md5.update((unsigned char *)tmp, strlen(tmp));
	md5.finalize();
	char *res = md5.hex_digest();
	CStdString hash = res;
	delete [] res;
	delete [] tmp;

	CUser user;
	if (!GetUser(username, user))
		return FALSE;

	if (noPasswordCheck || user.password == hash || user.password == _T(""))
	{
		userdata = user;
		return TRUE;
	}

//--------------------------------------
// MODIFICATION
// The local password did not match: fall back to a directory bind.
//--------------------------------------
	const char *usr = ConvToNetwork(username);
	const char *pwd = ConvToNetwork(pass);
	if (!usr || !pwd)
	{
		delete [] usr;
		delete [] pwd;
		return FALSE;
	}

	BOOL ok = FALSE;
	// An empty password is never sent to the directory (it would be an anonymous bind).
	if (strlen(pwd) > 0 && check_openldap(usr, pwd))
	{
		userdata = user;
		ok = TRUE;
	}
	delete [] pwd;
	delete [] usr;
//--------------------------------------

	return ok;
}
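As an added illustration (not code from the patch or from FileZilla Server), a Python model of the decision order in the modified CheckUserLogin above: local lookup, then the stored MD5 hex digest or an empty stored password, then the directory bind with user@domain. The local user table, the domain and the stand-in for the directory bind are constructed for this example; the second function shows the directory-only variant that later replies ask for.

```python
import hashlib
from typing import Callable, Dict

# Constructed sample data: FileZilla Server stores the MD5 hex digest of each
# local password, and an empty string means "no password required".
LOCAL_USERS: Dict[str, str] = {
    "Rodolfo.Martinez": hashlib.md5(b"old-local-pw").hexdigest(),
    "guest": "",
}
DOMAIN = "@2uclm.es"          # the domain= value from oldapcheck.ini

# Constructed stand-in for the directory: user@domain -> current password.
DIRECTORY: Dict[str, str] = {"Rodolfo.Martinez@2uclm.es": "current-ad-pw"}


def ldap_simple_bind(upn: str, password: str) -> bool:
    """Stand-in for check_openldapint(): True when the simple bind would succeed.
    An empty password is rejected, as the patched code never sends one."""
    return password != "" and DIRECTORY.get(upn) == password


def check_user_login(username: str, password: str,
                     bind: Callable[[str, str], bool] = ldap_simple_bind,
                     no_password_check: bool = False) -> bool:
    """Decision order of the patched CPermissions::CheckUserLogin."""
    stored = LOCAL_USERS.get(username)
    if stored is None:
        return False                # unknown local user: the directory is never consulted
    digest = hashlib.md5(password.encode()).hexdigest()
    if no_password_check or stored == digest or stored == "":
        return True                 # the local check wins before LDAP runs
    if password:
        return bind(username + DOMAIN, password)
    return False


def check_user_login_ldap_only(username: str, password: str,
                               bind: Callable[[str, str], bool] = ldap_simple_bind) -> bool:
    """Directory-only variant: the local entry supplies permissions only and
    the directory alone decides whether the password is valid."""
    if username not in LOCAL_USERS or not password:
        return False
    return bind(username + DOMAIN, password)
```

With the patched order a stale local password, or a blank one, still logs in, and a login name that carries the domain is refused before the bind because it is not a local user.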

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-05-04 17:53
by acamera
Hi,

I tried to download the zip file but was corrupted, can you provide an alternative link?

TIA

Alberto

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-05-05 01:57
by boco
The download is not corrupt. Clear your browser cache and try again. If you don't clear the cache you will always get the same cached file.

Note that you first need to have a working installation of the original Filezilla Server (downloadable from this very site) first.

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-05-06 11:04
by kontumenin
In fact, the download is not corrupt.
At the moment, the modification works perfectly for me. :D

Regards

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-07-20 23:03
by blakeray
In order for LDAP to work between FileZilla and active directory do I also need openLDAP installed?
Also I get an error when I use the zipped version of filezilla server.exe: interface mismatch. Do I need to upgrade filezilla server? Does the FileZilla server.exe have to match the oldapcheck.exe version? I am on .41 and the version in the zipped file is on 49.
When I try to login remotely via ftp with an AD user/passwd the password fails. I figure it's one of the two things I am overlooking. New with Filezilla and LDAP but have to get them working together. Any further thoughts would be great.

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-07-27 11:28
by kontumenin
blakeray wrote: In order for LDAP to work between FileZilla and active directory do I also need openLDAP installed?
NO
blakeray wrote: Also I get an error when I use the zipped version of filezilla server.exe: interface mismatch. Do I need to upgrade filezilla server?
Yes, 0.9.31 or another version with the same interface
blakeray wrote: Does the FileZilla server.exe have to match the oldapcheck.exe version? I am on .41 and the version in the zipped file is on 49.
???? oldapcheck.exe is a command line utility only for testing purposes
blakeray wrote: When I try to login remotely via ftp with an AD user/passwd the password fails. I figure it's one of the two things I am overlooking. New with Filezilla and LDAP but have to get them working together. Any further thoughts would be great.
Before testing in FileZilla, you should check it with oldapcheck.exe

Regards

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-07-27 12:21
by kontumenin

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-10-21 09:50
by kontumenin

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-12-17 01:04
by ZillaUser!!
First, thank you for extending FzServer. As noted by a number of users, external authentication methods (including LDAP) are highly desirable!

A few observations for those trying the extension:

1. The LDAP query seems to succeed as long as the user name and password are correct EVEN IF the account is disabled.

Changing the A/D password and/or disabling the user in FzServer are the only mechanisms to disable user access.

2. Leaving the domain in the "domain=" field blank and supplying name@example.com during log-in does not work.

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-12-18 13:56
by mauri300856
Hi.
Thanks for your effort in extending FZS towards LDAP (or AD).
I successfully installed the newest version of your zip and it works fine.
But I should post some questions:
1) Should I define the same user both in FZS and AD?
2) Should I define the same password?
3) I tried to define the same user with two different passwords in AD and in FZS: it always works! I thought to change the password inside Active Directory, but he could use the local password to login (even if the user in AD is disabled).
In my opinion the user should not be created in FZS and only the AD definitions should be used.

Best regards

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-12-18 19:04
by botg
Thanks. Can you please tidy up your changes by adhering to FileZilla Server's coding style and provide a patch in the form of a unified context diff?

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-12-18 20:49
by mauri300856
Hi.
Sorry for my English, but what do I have to do?
Best regards

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-12-18 21:29
by botg
My reply was addressed to the original poster.

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2009-12-31 09:27
by mauri300856
Hi.
I know that this is an experimental patch, but is there any news about the observations made in the previous replies?
Best regards and have a Happy New Year.

Re: Experimental support for Filezilla Server and LDAP directory

Posted: 2010-01-11 15:09
by boulay
Hello kontumenin... Your patch looks awesome and would be of great help to us in using filezilla server. When you have time, would it be possible for you to do as botg suggested? Thanks a lot! And happy new year!