Problem with LDAP reading values
Hi,

I missed the comment on the LDAP authentication. I seem to be not getting all of the emails. Anyway, I backed out the change I made and it seemed to work. Here is my setup:

1. Each user is under ou=people
2. For now, all successfully authenticated users are assumed valid (no flag check)
3. The only attribute I set is validcommands

All seems to work, except that after the user's validcommands attribute is read, it then checks the config file, overwriting the value pulled from LDAP. This behavior looks to be consistent among several users. Here is the debug output:

18:00:27 <22767> USER-INF reading data for 'someuser' from LDAP
18:00:27 <22767> DestAddr for x.x.x.x: '152.2.210.81'
18:00:27 <22767> DestPort for x.x.x.x: 21
18:00:27 <22767> DestMode for x.x.x.x: client
18:00:27 <22767> DestRange for x.x.x.x: 0-0
18:00:27 <22767> ActiveRange for x.x.x.x: 20-20
18:00:27 <22767> PassiveRange for x.x.x.x: 0-0
18:00:27 <22767> SameAddress for x.x.x.x: yes
18:00:27 <22767> TimeOut for x.x.x.x: 900
18:00:27 <22767> allowed: 'ABOR'
18:00:27 <22767> allowed: 'ACCT'
18:00:27 <22767> allowed: 'ALLO'
18:00:27 <22767> allowed: 'APPE'
18:00:27 <22767> allowed: 'CDUP'
18:00:27 <22767> allowed: 'CWD'
18:00:27 <22767> allowed: 'DELE'
18:00:27 <22767> allowed: 'HELP'
18:00:27 <22767> allowed: 'LIST'
18:00:27 <22767> allowed: 'MAIL'
18:00:27 <22767> allowed: 'MDTM'
18:00:27 <22767> allowed: 'MKD'
18:00:27 <22767> allowed: 'MLFL'
18:00:27 <22767> allowed: 'MODE'
18:00:27 <22767> allowed: 'MRCP'
18:00:27 <22767> allowed: 'MRSQ'
18:00:27 <22767> allowed: 'MSAM'
18:00:27 <22767> allowed: 'MSND'
18:00:27 <22767> allowed: 'MSOM'
18:00:27 <22767> allowed: 'NLST'
18:00:27 <22767> allowed: 'NOOP'
18:00:27 <22767> allowed: 'PASS'
18:00:27 <22767> allowed: 'PASV'
18:00:27 <22767> allowed: 'PORT'
18:00:27 <22767> allowed: 'PWD'
18:00:27 <22767> allowed: 'QUIT'
18:00:27 <22767> allowed: 'REIN'
18:00:27 <22767> allowed: 'REST'
18:00:27 <22767> allowed: 'RETR'
18:00:27 <22767> allowed: 'RMD'
18:00:27 <22767> allowed: 'RNFR'
18:00:27 <22767> allowed: 'RNTO'
18:00:27 <22767> allowed: 'SITE'
18:00:27 <22767> allowed: 'SIZE'
18:00:27 <22767> allowed: 'SMNT'
18:00:27 <22767> allowed: 'STAT'
18:00:27 <22767> allowed: 'STOR'
18:00:27 <22767> allowed: 'STOU'
18:00:27 <22767> allowed: 'STRU'
18:00:27 <22767> allowed: 'SYST'
18:00:27 <22767> allowed: 'TYPE'
18:00:27 <22767> allowed: 'USER'
18:00:27 <22767> allowed: 'XCUP'
18:00:27 <22767> allowed: 'XCWD'
18:00:27 <22767> allowed: 'XMKD'
18:00:27 <22767> allowed: 'XPWD'
18:00:27 <22767> allowed: 'XRMD'
18:00:27 <22767> USER-INF reading data for 'someuser' from cfg-file
18:00:27 <22767> DestAddr for x.x.x.x: '152.2.210.81'
18:00:27 <22767> DestPort for x.x.x.x: 21
18:00:27 <22767> DestMode for x.x.x.x: client
18:00:27 <22767> DestRange for x.x.x.x: 0-0
18:00:27 <22767> ActiveRange for x.x.x.x: 20-20
18:00:27 <22767> PassiveRange for x.x.x.x: 0-0
18:00:27 <22767> SameAddress for x.x.x.x: yes
18:00:27 <22767> TimeOut for x.x.x.x: 900
18:00:27 <22767> allowed: 'ABOR'
18:00:27 <22767> allowed: 'ACCT'
18:00:27 <22767> allowed: 'ALLO'
18:00:27 <22767> allowed: 'CDUP'
18:00:27 <22767> allowed: 'CWD'
18:00:27 <22767> allowed: 'DELE'
18:00:27 <22767> allowed: 'HELP'
18:00:27 <22767> allowed: 'LIST'
18:00:27 <22767> allowed: 'MDTM'
18:00:27 <22767> allowed: 'MKD'
18:00:27 <22767> allowed: 'MODE'
18:00:27 <22767> allowed: 'NLST'
18:00:27 <22767> allowed: 'NOOP'
18:00:27 <22767> allowed: 'PASS'
18:00:27 <22767> allowed: 'PASV'
18:00:27 <22767> allowed: 'PORT'
18:00:27 <22767> allowed: 'PWD'
18:00:27 <22767> allowed: 'QUIT'
18:00:27 <22767> allowed: 'REIN'
18:00:27 <22767> allowed: 'REST'
18:00:27 <22767> allowed: 'RETR'
18:00:27 <22767> allowed: 'RMD'
18:00:27 <22767> allowed: 'RNFR'
18:00:27 <22767> allowed: 'RNTO'
18:00:27 <22767> allowed: 'SITE'
18:00:27 <22767> allowed: 'SIZE'
18:00:27 <22767> allowed: 'SMNT'
18:00:27 <22767> allowed: 'STAT'
18:00:27 <22767> allowed: 'STRU'
18:00:27 <22767> allowed: 'SYST'
18:00:27 <22767> allowed: 'TYPE'
18:00:27 <22767> allowed: 'USER'
18:00:27 <22767> allowed: 'XCUP'
18:00:27 <22767> allowed: 'XCWD'
18:00:27 <22767> allowed: 'XMKD'
18:00:27 <22767> allowed: 'XPWD'
18:00:27 <22767> allowed: 'XRMD'

As you can see, it reads the config file and changes my permissions.

As a side note, if this attribute isn't found, would the correct behaviour check the file after the ldap server if the attribute isn't found? (In other words, if you don't set the validcommands attribute explicitly, will it default to the config file?)

I downloaded the previous version and pasted the code from that version into the current and added the who and pwd parameters to the ldap_fetch function call. The file is ftp-ldap.c. I'm not entirely sure why the old code works and the new doesn't seem to. They appear to do exactly the same thing.

My environment is Solaris 8 ultrasparc, netscape directory server 4.12.

Let me know if you have any insight into this or let me know if you need any more information.

PS: How much support is here for sftp? Is there anything more to setting it up than pointing to the openssl installation?

Thanks,
-Jon

#if defined(HAVE_LIBLDAP)
    /*
    ** If an LDAP server is configured, insist on using it
    */
#################this doesn't seem to work ####################
//  if ((p = config_str(NULL, "LDAPServer", NULL)) != NULL) {
//      int rc = ldap_fetch(ctx, p, who, pwd);
        /*
        ** check if we have to read profile from config...
        */
//      syslog_write(T_DBG, "ldap_fetch returned %d", rc);
//      if(0 != rc) return rc;
//  }
################I got this from 1.8.2.2 #########################
    if ((p = config_str(NULL, "LDAPServer", NULL)) != NULL) {
        int rc;
        if ((rc = ldap_fetch(ctx, p, who, pwd)) != LDAP_SUCCESS) {
            errno = 0;
            syslog_write(T_DBG, "can't read LDAP data "
                         "for %s: %.512s",
                         ctx->cli_ctrl->peer, ldap_err2string(lderr));
            exit(EXIT_FAILURE);
        }
        if (ctx->srv_addr != (u_int32_t) 0) {
            syslog_write(U_INF, "reading data for '%s' from LDAP",
                         ctx->username);
            return 0;   /* LDAP has delivered */
        }
    }
#endif
On Wed, Aug 07, 2002 at 06:11:47PM -0400, Jonathan Zuilkowski wrote:
> Hi,
Hi! Yes, I see the problem in the proxy-suite-1.9 as you have explained.
> #if defined(HAVE_LIBLDAP)
>     /*
>     ** If an LDAP server is configured, insist on using it
>     */
> #################this doesn't seem to work ####################
> //  if ((p = config_str(NULL, "LDAPServer", NULL)) != NULL) {
> //      int rc = ldap_fetch(ctx, p, who, pwd);
>         /*
>         ** check if we have to read profile from config...
>         */
> //      syslog_write(T_DBG, "ldap_fetch returned %d", rc);
> //      if(0 != rc) return rc;
> //  }
> ################I got this from 1.8.2.2 #########################
>     if ((p = config_str(NULL, "LDAPServer", NULL)) != NULL) {
>         int rc;
>         if ((rc = ldap_fetch(ctx, p, who, pwd)) != LDAP_SUCCESS) {
>             errno = 0;
>             syslog_write(T_DBG, "can't read LDAP data "
>                          "for %s: %.512s",
>                          ctx->cli_ctrl->peer, ldap_err2string(lderr));
>             exit(EXIT_FAILURE);
>         }
>         if (ctx->srv_addr != (u_int32_t) 0) {
>             syslog_write(U_INF, "reading data for '%s' from LDAP",
>                          ctx->username);
>             return 0;   /* LDAP has delivered */
>         }
>     }
> #endif
Yes. This is the bug place. The fallback to user config from file is broken in 1.9; the user config is read from file if all needed ldap fetches succeed... I'll try to fix it this week (or weekend) - it's needed to rewrite and test the fallback code. It can't be done that simple way as in 1.8, because the user config should be read from file if LDAPAuthDN is used, but no LDAPBaseDN...

    LDAPBaseDN: dn for user config _and_ auth
    LDAPAuthDN: dn for auth only

Kind regards,
Marius Tomaschewski <mt@suse.de>

--
SuSE Linux AG, Nürnberg - SuSE Labs, Product Development
PGP public key available: http://www.suse.de/~mt/mt.pgp
Fprint: EA 1F 92 75 1A F9 82 07 A1 28 DE 7A 32 E8 97 18
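The profile-source rule that the two messages describe (LDAPBaseDN delivers the user config, LDAPAuthDN authenticates only, a failed LDAP fetch is fatal rather than a fallback), written out as an added example; this is not proxy-suite code, and the struct and function names are hypothetical.

```c
#include <stddef.h>

/* Where the user profile (DestAddr, validcommands, ...) must be read from.
 * Added example, not proxy-suite code; all names here are hypothetical. */
enum profile_source { SRC_CFG_FILE = 0, SRC_LDAP = 1, SRC_AUTH_FAILED = -1 };

struct ldap_setup {
    const char *server;   /* LDAPServer, NULL when LDAP is not configured */
    const char *base_dn;  /* LDAPBaseDN: dn for user config _and_ auth */
    const char *auth_dn;  /* LDAPAuthDN: dn for auth only */
};

/* Outcome of one ldap_fetch(): did the bind succeed, and did the entry
 * carry a profile (the thread's test for this is ctx->srv_addr != 0)? */
struct fetch_result {
    int auth_ok;
    int profile_delivered;
};

enum profile_source choose_profile_source(const struct ldap_setup *s,
                                          const struct fetch_result *r)
{
    if (s->server == NULL)
        return SRC_CFG_FILE;        /* no LDAP at all: the file is the only source */

    if (!r->auth_ok)
        return SRC_AUTH_FAILED;     /* 1.8.2.2 exits here; a failed LDAP auth must
                                       never fall back to the file's defaults */

    if (s->base_dn == NULL)
        return SRC_CFG_FILE;        /* LDAPAuthDN only: LDAP authenticated the
                                       user, the profile lives in the file */

    if (r->profile_delivered)
        return SRC_LDAP;            /* LDAP delivered: stop here, do not let the
                                       config file overwrite it (the 1.9 bug) */

    return SRC_CFG_FILE;            /* BaseDN entry without a profile: fall back */
}

/* Jonathan's setup: LDAPServer + LDAPBaseDN, validcommands found in LDAP. */
int main(void)
{
    struct ldap_setup s = { "ldap.example.invalid", "ou=people,dc=example", NULL };
    struct fetch_result r = { 1, 1 };
    return choose_profile_source(&s, &r) == SRC_LDAP ? 0 : 1;
}
```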