I am working on a project that required me to come up with a container that could do FTP and use Active Directory as its authentication provider. After several hours of tinkering around and reading blog after blog (thank you all for the inspiration!) I finally have a working configuration that is stable. Shout out to the most useful blog I ran across, which helped me get further down the line:

Source code for this project is located at

## Running the container

This project is based on vsftpd and Ubuntu 18.04. It uses the libpam-ldapd module for authentication, and it uses confd to dynamically configure the services from environment variables that I pass in via a Kubernetes ConfigMap and Secret.

The environment variables you will need to run this solution as-is are:

- LDAP_FILTERMEMBEROF: memberOf=distinguished name of group
- LDAP_SSL_CACERTFILE: /etc/ssl/certs/ca-certificates.crt
- VSFTPD_SSL_PRIVATEKEY: /etc/ssl/certs/privatekey.key
- VSFTPD_SSL_PUBLICKEY: /etc/ssl/certs/publickey.pem

PASV_ADDRESS – this needs to be set to the IP address of the host the container is running on. Without this, you will be unable to connect using passive FTP.

LDAP_FILTERMEMBEROF – I only wanted to allow members of a certain group to have FTP rights to this server. This is a standard LDAP filter and can be modified to fit whatever you would like.

I wanted a way to dynamically adjust settings without having to rebuild the entire container. I also did not want to store passwords and other revealing information in the config files, because it's best practice not to and because I wanted to share the project with the public. At first I tried using bash scripting to dynamically build the config. That turned out to be a giant PITA, so I started digging for alternatives and came across confd. I am going to do a high-level review of how this works; refer to the confd project for more detail.

To get confd working you need the config files that instruct confd what to do. These are .toml files located in /etc/confd/cond.d and look like this:

- src = the name of the template file located in /etc/confd/templates
- dest = where confd is going to write the file after it does its thing
- keys = these correspond to the environment variables we want confd to use. "/vsftpd/pasv/address" is the environment variable VSFTPD_PASV_ADDRESS that we pass at container runtime. Note: environment variables have to be all caps.

You will have a template file for each config you want confd to update. The templates in /etc/confd/templates are your config files with the variable strings confd uses. Just copy your config files here, rename them with a .tmpl extension and change the key values to the confd strings. Example: pasv_address=

Now in the container start script (/sbin/init.sh) the line below runs confd, which will take all our environment variables (keys), build the config file and copy it into the correct location (dest).

```
confd -onetime -backend env
```

## Active Directory Authentication

To make AD authentication work properly the mapping had to be configured. These mappings are located in the /etc/nf file, or if you're looking at the source, in the template under /etc/confd/templates/ which gets copied to /etc/nf on container start via the confd process. Each user in AD needs 3 attributes set in order for them to be sucked in by nslcd. These attributes are uidNumber, gidNumber, and unixHomeDirectory.
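To make the key-to-variable rule behind the templates concrete, here is an added example (not code from the post or the project) that renders a `.tmpl` the way `confd -backend env` resolves `{{getv "/vsftpd/pasv/address"}}` to `VSFTPD_PASV_ADDRESS`, and refuses to write a config when a referenced variable is missing. The function names `key_to_env`, `render_template` and `demo`, and the sample values, are assumptions made up for this example.

```sh
#!/bin/sh
# Stand-in for how confd's env backend resolves template keys (not confd itself):
# the key /vsftpd/pasv/address is looked up as VSFTPD_PASV_ADDRESS, which is why
# the variables have to be all caps. Function names are assumed for this example.

# Map a confd key path to the environment variable name the env backend reads:
# drop the leading slash, turn '/' into '_', uppercase, and replace anything
# else with '_' so the name is safe to use with eval below.
key_to_env() {
    printf '%s' "${1#/}" | tr '/' '_' | tr '[:lower:]' '[:upper:]' | tr -c 'A-Z0-9_' '_'
}

# Render a template from stdin to stdout, replacing each {{getv "/some/key"}}
# with the matching variable. If a referenced variable is unset, report it and
# return 1 instead of emitting a half-filled config: failing at container start
# beats a vsftpd.conf with an empty pasv_address and passive mode that never works.
render_template() {
    open='{{getv "'
    close='"}}'
    while IFS= read -r line || [ -n "$line" ]; do
        while :; do
            case "$line" in
                *"$open"*"$close"*) ;;
                *) break ;;
            esac
            rest="${line#*"$open"}"        # everything after the first getv
            key="${rest%%"$close"*}"       # the quoted key path
            var="$(key_to_env "$key")"
            eval "is_set=\${$var+set}"
            if [ "$is_set" != set ]; then
                echo "render_template: $var (key $key) is not set" >&2
                return 1
            fi
            eval "value=\$$var"
            line="${line%%"$open"*}$value${rest#*"$close"}"
        done
        printf '%s\n' "$line"
    done
}

# Constructed two-line template in the style of the post's vsftpd and nslcd
# templates, rendered with constructed values (not the project's real ones).
demo() {
    VSFTPD_PASV_ADDRESS=203.0.113.10
    LDAP_FILTERMEMBEROF='memberOf=CN=ftp-users,OU=Groups,DC=example,DC=com'
    printf '%s\n' 'pasv_address={{getv "/vsftpd/pasv/address"}}' \
        'filter passwd (&(objectClass=user)({{getv "/ldap/filtermemberof"}}))' |
        render_template
}
```

Running `demo` prints the two rendered lines; unsetting VSFTPD_PASV_ADDRESS first makes `render_template` exit non-zero, which is the behaviour you want from /sbin/init.sh when a required variable was left out of the ConfigMap or Secret.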