I've got Novell OES Linux with PureFTP/PureFTPd server running fine and local users logging in. I want LDAP authentication against eDirectory/eDir as well.

I've done the configuration file changes and an anonymous bind configuration file, and via a packet sniff I can see the LDAP connection and Search Request coming from my OES server to my eDir master replica. The Search Request asks for a few objects (or object classes???) that aren't actually in eDir and of course don't get returned.

One of those attributes is 'userPassword'. I'm guessing that since 'userPassword' doesn't get returned, PureFTP cannot compare the crypt() hash of the password I typed in the FTP client and the one my eDir server returns. I do see, however, that the search is successful and the eDir server returns the uidNumber, homeDirectory, loginShell, gidNumber, etc. I assume that this means a successful password session was entered. If I use the incorrect password, the eDir server returns nothing (as it should).

I don't really want to create accounts on the OES box, nor do I want to install eDir on the box itself, since this is acting as my firewall and I don't want a direct connection to my eDir database in case the server is compromised. All I want is for users to type their name and password in, and have the FTP server chroot them into a common directory so that they may upload/download files that are too big for transport via email.

I'm at a loss. Any ideas?

I'm doing an anonymous bind: here's my pureftp-ldap.conf file:

LDAPServer myserver.mydomain.com
LDAPPort 389
LDAPBaseDN t=mytree

Here's my pureftp.conf file:

AllowAnonymousFXP no
AllowDotFiles yes
AllowUserFXP yes
AnonymousCanCreateDirs no
AnonymousCantUpload yes
AnonymousOnly no
AntiWarez yes
AutoRename yes
BrokenClientsCompatibility no
ChrootEveryone yes
CreateHomeDir yes
CustomerProof yes
Daemonize yes
DisplayDotFiles yes
DontResolve no
LDAPConfigFile /etc/pure-ftpd/pure-ftpd-ldap.conf
LimitRecursion 2000 8
MaxClientsNumber 10
MaxClientsPerIP 3
MaxDiskUsage 99
MaxIdleTime 15
MaxLoad 4
MinUID 100
NoAnonymous yes
NoRename yes
ProhibitDotFilesRead no
ProhibitDotFilesWrite yes
SyslogFacility ftp
Umask 177:077
VerboseLog yes