Proftpd user login rewrite

Ok, this is the first post.

As I have already explained in the “About” page, I was dealing with systems running Webmin/Virtualmin.

The old system was configured to use a username@domain format “for usernames that include domain”, while the new system was using a username-domain format because of Postfix.

Note that while it is also possible to use the username@domain format with Postfix, I do not recommend it because it is, in my opinion, messy. Also, at a certain point Webmin 1.5.10 will destroy the mechanism put in place to make it work, so it is not worth it.

Anyway back to the main matter…

I am sure your end users are just like mine, so it is already a challenge for many of them to understand that to access the server they need to append “@something.else” to their names because there are too many Joes in the system.

Now imagine having to explain to these challenged and confused people that from next week they will need to use a “dash” instead of an “at” after their names: it would be a lost cause.

So instead of wasting your time and energy, the easiest way to handle the situation is to use ProFTPd rewriting rules.

Basically, you ask ProFTPd to take whatever the user put after the USER command and replace every “@” (if any) with “-”.

So joe@example.com will magically become joe-example.com. Since the former is not defined anywhere in /etc/passwd and /etc/shadow, but the latter is, the user will log in even if the username was initially incorrect.

To make it happen, just open /etc/proftpd.conf and add the following:

RewriteEngine on
RewriteMap replace int:replaceall
RewriteLog /var/log/proftpd/rewrite.log
RewriteCondition %m USER
RewriteRule ^(.*) ${replace:/$1/@/-}

The RewriteLog line turns on logging, which you will need to diagnose any problem that may arise.

Now just reload the configuration:

service proftpd reload

or restart ProFTPd altogether:

service proftpd restart
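
Because the rule rewrites every USER argument before the account lookup, any account whose name still contains “@” can only be reached through its dash form once the rule is active. The shell sketch below is an added example, not part of the original post: it audits a passwd-format file for such accounts, and its function names, status labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Names, labels and sample data
# are constructed for illustration.

# Constructed passwd-format sample: three leftover "@" accounts.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
joe-example.com:x:1001:1001::/home/example/homes/joe:/bin/false
joe@example.com:x:1001:1001::/home/example/homes/joe:/bin/false
ann@example.org:x:1002:1002::/home/exampleorg/homes/ann:/bin/false
bob@example.net:x:1003:1003::/home/examplenet/homes/bob:/bin/false
bob-example.net:x:1009:1009::/home/examplenet/homes/bob2:/bin/false
EOF
}

# audit_rewrite FILE
# For every account name containing "@", apply the same substitution as the
# RewriteRule (all "@" -> "-") and report what a login would resolve to:
#   OK        dash-form account exists with the same UID
#   MISSING   no dash-form account: the login will fail after the rewrite
#   MISMATCH  dash-form account exists with a different UID
audit_rewrite() {
    awk -F: '
        { uid[$1] = $3; order[NR] = $1 }
        END {
            for (i = 1; i <= NR; i++) {
                name = order[i]
                if (index(name, "@") == 0) continue
                dash = name
                gsub(/@/, "-", dash)
                if (!(dash in uid))              status = "MISSING"
                else if (uid[dash] == uid[name]) status = "OK"
                else                             status = "MISMATCH"
                print status " " name " -> " dash
            }
        }' "$1"
}

# Demo on the constructed sample. On a real host: audit_rewrite /etc/passwd
demo_file=$(mktemp)
sample_passwd > "$demo_file"
audit_rewrite "$demo_file"
rm -f "$demo_file"
```

Any MISSING or MISMATCH line is an account to fix before the rule goes live; the RewriteLog file then shows the rewritten names for real logins.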

Now a couple of things to consider: mod_rewrite is a contrib module, which means that you must check whether your ProFTPd was compiled with it or not.

To check if it is a built-in module, just execute:

proftpd -l

To check if mod_rewrite is available as a loadable module, execute the following:

rpm -q --dump proftpd | grep '\.so'

or just check what you have in /usr/libexec/proftpd/, which is the default location where ProFTPd modules are installed under CentOS 5.

If the module is not there, you are out of luck. Either package your own RPM or find an RPM containing the modules you need already compiled.

Installing something compiled from source would be a bad idea, because sooner or later you would break your CentOS installation. Theoretically, though, you could just compile ProFTPd and throw away everything but mod_rewrite.so instead of performing the installation as well. (Since you are not going to perform the installation, I will skip the part where I tell you how tedious it would be to specify the many, many configure directives you would need in a CentOS environment.)
