Experimental support for Filezilla Server and LDAP directory

kontumenin
500 Syntax error
Posts: 16
Joined: 2009-04-15 21:32
First name: Juan Carlos
Last name: Monteagudo

Experimental support for Filezilla Server and LDAP directory

#1 Post by kontumenin » 2009-04-16 09:42

Moderator comment: This project's homepage is http://sourceforge.net/projects/fzldap.
Download
http://sourceforge.net/projects/fzldap

Works for me ;)


FILES:
- Filezilla server.exe
With support for LDAP
- oldapcheck.exe
Command line utility only for testing purposes
- oldapcheck.ini
Configuration file
    a) server=ldap.2uclm.es
    The LDAP server to connect to. I have tested with AD
    b) domain=@2uclm.es
    For authentication with the @ character
    c) TLS=N
    If you set TLS=Y for security, you must create the file C:\OpenLdap\sysconf\ldap.conf with this:
    TLS_REQCERT never
    TLS_CACERT C:\OpenLdap\sysconf\certs\my_ldap_cert.pem
    A good explanation is in: http://www.novell.com/coolsolutions/tip/5838.html

Installation.
1) Stop Filezilla Server.exe daemon
2) Copy the Filezilla Server.exe, oldapcheck.exe and oldapcheck.ini files into the application directory, for example: c:\Program Files\Filezilla Server
3) Start Filezilla Server daemon.
4) In oldapcheck.ini set the correct values. If you want a secure connection, set TLS=Y in oldapcheck.ini

HOWTO:
- If my user in AD is Rodolfo.Martinez@2uclm.es, in Filezilla it must be Rodolfo.Martinez
- The application first checks the local password, and then checks the LDAP password

I'm Spanish, sorry for my English
mail: jcarlos # albacete.org


The source code (sorry, I'm a newbie in C++):


==========================================================
ADD In Permissions.cpp 
==========================================================
#include <ldap.h>
#include <string.h>
#include <string>

// Try a simple bind as user+domain against the LDAP server.
// Returns true only if the bind succeeds; any setup failure counts as a failed login.
int check_openldapint(int bssl, const char *server, const char *domain, const char *user, const char *passwd)
{
	if (!server || !domain || !user || !passwd)
		return false;

	// Build the bind name (user + domain) without a fixed-size buffer,
	// so a long user name cannot overflow it.
	std::string usr(user);
	usr += domain;

	LDAP *ld = ldap_init(server, LDAP_PORT);
	if (ld == NULL)
		return false; // nothing to unbind

	if (bssl) {
		// StartTLS requires LDAPv3.
		int version = LDAP_VERSION3;
		if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) {
			ldap_unbind(ld);
			return false;
		}

		// Do not fall back to an unencrypted bind if TLS cannot be negotiated.
		if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
			ldap_unbind(ld);
			return false;
		}
	}

	int ret = ldap_simple_bind_s(ld, usr.c_str(), passwd);
	ldap_unbind(ld);

	return ret == LDAP_SUCCESS;
}

// Read server, domain and TLS from oldapcheck.ini (next to the executable)
// and check the credentials against the directory.
int check_openldap(const char *user, const char *passwd)
{
	wchar_t lpIni[MAX_PATH + 1];
	wchar_t servidor[100];
	wchar_t dominio[50];
	wchar_t conssl[50];
	char sser[100], ddom[50];

	// The size argument is a character count, not a byte count.
	DWORD len = ::GetModuleFileName(0, lpIni, MAX_PATH);
	if (len == 0 || len >= MAX_PATH)
		return false;

	// Replace the executable name with oldapcheck.ini.
	wchar_t *slash = wcsrchr(lpIni, L'\\');
	if (!slash)
		return false;
	*(slash + 1) = 0;
	if (wcslen(lpIni) + wcslen(L"oldapcheck.ini") > MAX_PATH)
		return false;
	wcscat(lpIni, L"oldapcheck.ini");

	GetPrivateProfileString(L"settings", L"server", L"test.dsi.2uclm.es", servidor, 100, lpIni);
	GetPrivateProfileString(L"settings", L"domain", L"@2uclm.es", dominio, 50, lpIni);
	GetPrivateProfileString(L"settings", L"TLS", L"Y", conssl, 50, lpIni);
	bool bSsl = (wcscmp(conssl, L"Y") == 0);

	// wcstombs does not terminate the output when it fills the buffer,
	// and returns (size_t)-1 on a conversion error: reject both cases.
	if (wcstombs(sser, servidor, sizeof(sser)) >= sizeof(sser) ||
	    wcstombs(ddom, dominio, sizeof(ddom)) >= sizeof(ddom))
		return false;

	return check_openldapint(bSsl, sser, ddom, user, passwd);
}




==========================================================
MODIFY In Permissions.cpp 
==========================================================
BOOL CPermissions::CheckUserLogin(LPCTSTR username, LPCTSTR pass, CUser &userdata, BOOL noPasswordCheck /*=FALSE*/)
{
	const char *tmp = ConvToNetwork(pass);
	if (!tmp)
		return FALSE;

	MD5 md5;
	md5.update((unsigned char *)tmp, strlen(tmp));
	md5.finalize();
	char *res = md5.hex_digest();
	CStdString hash = res;
	delete [] res;
	delete [] tmp;

	CUser user;
	if (!GetUser(username, user))
		return FALSE;

	if (noPasswordCheck || user.password == hash || user.password == _T(""))
	{
		userdata = user;
		return TRUE;
	}


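//--------------------------------------
// MODIFICATION
//--------------------------------------
	// The local password did not match: fall back to the LDAP directory.
	const char *usr = ConvToNetwork(username);
	const char *pwd = ConvToNetwork(pass);

	// ConvToNetwork can return NULL. An empty password is never sent:
	// a simple bind with an empty password is an unauthenticated bind,
	// which a server may accept.
	BOOL ldapOk = FALSE;
	if (usr && pwd && strlen(pwd) > 0 && check_openldap(usr, pwd))
		ldapOk = TRUE;

	delete [] pwd;
	delete [] usr;

	if (ldapOk)
	{
		userdata = user;
		return TRUE;
	}
//--------------------------------------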

	return FALSE;
}
Last edited by kontumenin on 2011-02-08 10:22, edited 1 time in total.
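
Added example (not part of the post or of the fzldap sources): a small checker for the two transport settings the post describes, `TLS` in oldapcheck.ini and `TLS_REQCERT` in ldap.conf. With `TLS=N` the simple bind carries the password unencrypted, and with `TLS_REQCERT never` the server certificate is not verified. The function name `audit_ldap_transport` and the sample inputs are assumptions made for the illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return (char)std::tolower(c); });
    return s;
}
static std::string trim(const std::string &s) {
    size_t b = s.find_first_not_of(" \t\r"), e = s.find_last_not_of(" \t\r");
    return b == std::string::npos ? "" : s.substr(b, e - b + 1);
}

// ini = text of oldapcheck.ini, conf = text of ldap.conf (hypothetical helper).
// Returns one finding per weak setting. Simplification: [section] headers are ignored.
std::vector<std::string> audit_ldap_transport(const std::string &ini, const std::string &conf) {
    std::vector<std::string> findings;
    std::string line, tls = "Y";        // the posted code defaults TLS to "Y" when the key is absent
    std::istringstream in(ini);
    while (std::getline(in, line)) {
        size_t eq = line.find('=');
        if (eq != std::string::npos && lower(trim(line.substr(0, eq))) == "tls")
            tls = trim(line.substr(eq + 1));
    }
    if (tls != "Y") {                   // the posted code starts TLS only for exactly "Y"
        findings.push_back("oldapcheck.ini: TLS is not Y, the simple bind sends the password unencrypted");
        return findings;                // ldap.conf TLS options do not matter without TLS
    }
    std::string reqcert = "demand";     // OpenLDAP default when TLS_REQCERT is not set
    std::istringstream cf(conf);
    while (std::getline(cf, line)) {
        std::istringstream words(trim(line));
        std::string key, val;
        if ((words >> key >> val) && lower(key) == "tls_reqcert")
            reqcert = lower(val);
    }
    if (reqcert == "never" || reqcert == "allow")
        findings.push_back("ldap.conf: TLS_REQCERT " + reqcert + " accepts any server certificate");
    return findings;
}

int main() {
    // Constructed sample input mirroring the settings shown in the post.
    for (const std::string &f : audit_ldap_transport("[settings]\nTLS=Y\n", "TLS_REQCERT never\n"))
        std::cout << f << "\n";
}
```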

acamera
500 Command not understood
Posts: 1
Joined: 2009-05-04 17:46
First name: Alberto
Last name: Camera

Re: Experimental support for Filezilla Server and LDAP directory

#2 Post by acamera » 2009-05-04 17:53

Hi,

I tried to download the zip file but it was corrupted. Can you provide an alternative link?

TIA

Alberto

boco
Contributor
Posts: 24359
Joined: 2006-05-01 03:28
Location: Germany

Re: Experimental support for Filezilla Server and LDAP directory

#3 Post by boco » 2009-05-05 01:57

The download is not corrupt. Clear your browser cache and try again. If you don't clear the cache you will always get the same cached file.

Note that you first need to have a working installation of the original Filezilla Server (downloadable from this very site).

kontumenin
500 Syntax error
Posts: 16
Joined: 2009-04-15 21:32
First name: Juan Carlos
Last name: Monteagudo

Re: Experimental support for Filezilla Server and LDAP directory

#4 Post by kontumenin » 2009-05-06 11:04

In fact, the download is not corrupt.
At the moment, the modification works perfectly for me. :D

Regards

blakeray
500 Command not understood
Posts: 1
Joined: 2009-07-20 22:53
First name: Blake
Last name: Ray

Re: Experimental support for Filezilla Server and LDAP directory

#5 Post by blakeray » 2009-07-20 23:03

In order for LDAP to work between FileZilla and Active Directory, do I also need OpenLDAP installed?
Also, I get an error when I use the zipped version of filezilla server.exe: interface mismatch. Do I need to upgrade filezilla server? Does the FileZilla server.exe have to match the oldapcheck.exe version? I am on .41 and the version in the zipped file is on 49.
When I try to log in remotely via ftp with an AD user/passwd, the password fails. I figure it's one of the two things I am overlooking. New with Filezilla and LDAP but have to get them working together. Any further thoughts would be great.

kontumenin
500 Syntax error
Posts: 16
Joined: 2009-04-15 21:32
First name: Juan Carlos
Last name: Monteagudo

Re: Experimental support for Filezilla Server and LDAP directory

#6 Post by kontumenin » 2009-07-27 11:28

blakeray wrote: In order for LDAP to work between FileZilla and Active Directory, do I also need OpenLDAP installed?
NO
blakeray wrote: Also, I get an error when I use the zipped version of filezilla server.exe: interface mismatch. Do I need to upgrade filezilla server?
Yes, 0.9.31 or another version with the same interface
blakeray wrote: Does the FileZilla server.exe have to match the oldapcheck.exe version? I am on .41 and the version in the zipped file is on 49.
???? oldapcheck.exe is a command line utility only for testing purposes
blakeray wrote: When I try to log in remotely via ftp with an AD user/passwd, the password fails. I figure it's one of the two things I am overlooking. New with Filezilla and LDAP but have to get them working together. Any further thoughts would be great.
Before testing in FileZilla, you should check it with oldapcheck.exe

Regards

kontumenin
500 Syntax error
Posts: 16
Joined: 2009-04-15 21:32
First name: Juan Carlos
Last name: Monteagudo

Re: Experimental support for Filezilla Server and LDAP directory

#7 Post by kontumenin » 2009-07-27 12:21


kontumenin
500 Syntax error
Posts: 16
Joined: 2009-04-15 21:32
First name: Juan Carlos
Last name: Monteagudo

Re: Experimental support for Filezilla Server and LDAP directory

#8 Post by kontumenin » 2009-10-21 09:50


ZillaUser!!
500 Command not understood
Posts: 2
Joined: 2009-12-17 00:48
First name: Zilla
Last name: User

Re: Experimental support for Filezilla Server and LDAP directory

#9 Post by ZillaUser!! » 2009-12-17 01:04

First, thank you for extending FzServer. As noted by a number of users, external authentication methods (including LDAP) are highly desirable!

A few observations for those trying the extension:

1. The LDAP query seems to succeed as long as the user name and password are correct EVEN IF the account is disabled.

Changing the A/D password and/or disabling the user in FzServer are the only mechanisms to disable user access.

2. Leaving the domain in the "domain=" field blank and supplying name@example.com during log-in does not work.
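
Added example relating to observation 1 (not part of the thread or of the fzldap sources): one way a server could enforce account state independently of the bind result is to read the user entry's Active Directory `userAccountControl` and `accountExpires` attributes and deny the login on them. The LDAP search that fetches the two attribute strings is assumed and not shown; the function names and the sample values in the tests are hypothetical.

```cpp
#include <cerrno>
#include <cstdint>
#include <cstdlib>

// userAccountControl bit set on a disabled account (ADS_UF_ACCOUNTDISABLE).
static const uint64_t UF_ACCOUNTDISABLE = 0x0002;
// accountExpires counts 100 ns intervals since 1601-01-01 UTC;
// 0 and 0x7FFFFFFFFFFFFFFF both mean "never expires".
static const uint64_t NEVER_EXPIRES = 0x7FFFFFFFFFFFFFFFULL;
// Seconds between 1601-01-01 and the Unix epoch.
static const uint64_t EPOCH_DIFF_SECS = 11644473600ULL;

// Parse a decimal attribute value; false on empty input, garbage or overflow.
static bool parse_u64(const char *s, uint64_t &out) {
    if (!s || *s < '0' || *s > '9') return false;
    errno = 0;
    char *end = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno != 0 || *end != '\0') return false;
    out = v;
    return true;
}

enum AccountState { ACCOUNT_OK, ACCOUNT_DISABLED, ACCOUNT_EXPIRED, ACCOUNT_UNKNOWN };

// uac / expires: string values of userAccountControl and accountExpires as
// returned by a directory search; now_unix: current time, seconds since 1970.
AccountState account_state(const char *uac, const char *expires, uint64_t now_unix) {
    uint64_t flags = 0, exp = 0;
    if (!parse_u64(uac, flags) || !parse_u64(expires, exp))
        return ACCOUNT_UNKNOWN;              // fail closed: the caller denies
    if (flags & UF_ACCOUNTDISABLE)
        return ACCOUNT_DISABLED;
    if (exp != 0 && exp != NEVER_EXPIRES) {
        uint64_t now_ft = (now_unix + EPOCH_DIFF_SECS) * 10000000ULL;
        if (now_ft >= exp) return ACCOUNT_EXPIRED;
    }
    return ACCOUNT_OK;
}

// Final decision: the bind must succeed and the account state must be OK.
bool ldap_login_allowed(bool bind_ok, const char *uac, const char *expires, uint64_t now_unix) {
    return bind_ok && account_state(uac, expires, now_unix) == ACCOUNT_OK;
}

int main() {
    // Constructed values: 514 = normal account (512) with the disabled bit set.
    return ldap_login_allowed(true, "514", "0", 0) ? 1 : 0;
}
```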

mauri300856
504 Command not implemented
Posts: 11
Joined: 2007-02-05 15:57

Re: Experimental support for Filezilla Server and LDAP directory

#10 Post by mauri300856 » 2009-12-18 13:56

Hi.
Thanks for your effort in extending FZS towards LDAP (or AD).
I successfully installed the newest version of your zip and it works fine.
But I should post some questions:
1) Should I define the same user both in FZS and AD?
2) Should I define the same password?
3) I tried defining the same user with two different passwords in AD and in FZS: it always works! I thought of changing the password inside Active Directory, but he could use the local password to log in (even if the user in AD is disabled).
In my opinion the user should not be created in FZS and only the AD definitions should be used.

Best regards

botg
Site Admin
Posts: 31975
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Experimental support for Filezilla Server and LDAP directory

#11 Post by botg » 2009-12-18 19:04

Thanks. Can you please tidy up your changes by adhering to FileZilla Server's coding style and provide a patch in the form of a unified context diff?

mauri300856
504 Command not implemented
Posts: 11
Joined: 2007-02-05 15:57

Re: Experimental support for Filezilla Server and LDAP directory

#12 Post by mauri300856 » 2009-12-18 20:49

Hi.
Sorry for my English, but what do I have to do?
Best regards

botg
Site Admin
Posts: 31975
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Experimental support for Filezilla Server and LDAP directory

#13 Post by botg » 2009-12-18 21:29

My reply was addressed to the original poster.

mauri300856
504 Command not implemented
Posts: 11
Joined: 2007-02-05 15:57

Re: Experimental support for Filezilla Server and LDAP directory

#14 Post by mauri300856 » 2009-12-31 09:27

Hi.
I know that this is an experimental patch, but is there any news about the observations made in the previous replies?
Best regards and have a Happy New Year.

boulay
500 Command not understood
Posts: 1
Joined: 2010-01-11 15:06
First name: Ben
Last name: Smith

Re: Experimental support for Filezilla Server and LDAP directory

#15 Post by boulay » 2010-01-11 15:09

Hello kontumenin... Your patch looks awesome and would be of great help to us in using filezilla server. When you have time, would it be possible for you to do as botg suggested? Thanks a lot! And happy new year!
