Releases: orware/sftpgo-ldap

sftpgo-ldap v0.9

29 Mar 22:06

Added in support for a remote SFTP server to be included in the output object configuration.

The #USERNAME# placeholder will be replaced in the endpoint and username parts of the configuration in addition to the prefix area (which is the main one needed if you want per-user folders on the remote SFTP server) along with the additional_data field.

You can also optionally use #PASSWORD# for the payload area and if it's detected it will automatically replace the placeholder with the same password the user is logging in with, rather than using a hardcoded value from the configuration.php file. I'm not really sure how common that use case would be (where someone needs their own username and password info to be used when connecting to the remote SFTP server) but I figured it might be useful to someone so I included it.

Below is an example connection-specific output object that has most everything in place you would need to get started with a remote SFTP proxy setup in your configuration.php file.

$connection_output_objects['example'] = [
    'status' => 1,
    'username' => '',
    'expiration_date' => 0,
    'home_dir' => '',
    'uid' => 0,
    'gid' => 0,
    'max_sessions' => 0,
    'quota_size' => 0,
    'quota_files' => 100000,
    'permissions' => [
        "/" => ["*"],
    ],
    'upload_bandwidth' => 0,
    'download_bandwidth' => 0,
    'filters' => [
        'allowed_ip' => [],
        'denied_ip' => [],
    ],
    'public_keys' => [],
    'filesystem' => [
        // Provider 5 selects SFTPGo's SFTP filesystem (remote SFTP server).
        'provider' => 5,
        'sftpconfig' => [
            'endpoint' => 'remote-sftp.example.com:22',
            'username' => 'remote_username',
            'password' => [
                'status' => 'Plain',
                // Hardcoded remote password, or '#PASSWORD#' to reuse the login password.
                'payload' => 'remote_password',
                'key' => '',
                'additional_data' => '#USERNAME#'
            ],
            'private_key' => null,
            // Host key fingerprints used to verify the remote SFTP server.
            'fingerprints' => [
                'SHA256:<LONG_FINGERPRINT_VALUE_HERE>',
            ],
            // Per-user folder on the remote server.
            'prefix' => '/remote/path/home/example/#USERNAME#'
        ]
    ],
];
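The placeholder handling described above puts the login name into a remote path, so the name has to be restricted before substitution. The following is an added example, not code from sftpgo-ldap: the function names, the allowed character set and the sample values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not sftpgo-ldap's own code.

// Assumption: allow only characters that cannot change the meaning of a
// remote path, so "#USERNAME#" in 'prefix' always stays one folder deep.
function is_safe_for_prefix(string $username): bool
{
    return $username !== '.' && $username !== '..'
        && preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $username) === 1;
}

// Fill the placeholders in the fields the release note lists.
// Returns null (deny the login) when the username is unsafe for a path.
function apply_sftp_placeholders(array $output, string $username, string $password): ?array
{
    if (!is_safe_for_prefix($username)) {
        return null;
    }
    $cfg = $output['filesystem']['sftpconfig'];
    foreach (['endpoint', 'username', 'prefix'] as $field) {
        $cfg[$field] = str_replace('#USERNAME#', $username, $cfg[$field]);
    }
    $cfg['password']['additional_data'] =
        str_replace('#USERNAME#', $username, $cfg['password']['additional_data']);
    // #PASSWORD# is substituted last and only in 'payload', so a password
    // that happens to contain "#USERNAME#" is never expanded again.
    $cfg['password']['payload'] =
        str_replace('#PASSWORD#', $password, $cfg['password']['payload']);
    $output['filesystem']['sftpconfig'] = $cfg;
    return $output;
}

// Constructed sample: a trimmed-down output object and two login attempts.
$template = ['filesystem' => ['provider' => 5, 'sftpconfig' => [
    'endpoint' => 'remote-sftp.example.com:22',
    'username' => '#USERNAME#',
    'password' => ['status' => 'Plain', 'payload' => '#PASSWORD#',
                   'key' => '', 'additional_data' => '#USERNAME#'],
    'prefix'   => '/remote/path/home/example/#USERNAME#',
]]];

$ok = apply_sftp_placeholders($template, 'alice', 'constructed-pw');
echo $ok['filesystem']['sftpconfig']['prefix'], PHP_EOL;
var_dump(apply_sftp_placeholders($template, '../bob', 'constructed-pw'));
```

The second call is denied because a name containing a slash or a dot-dot segment would move the prefix outside the per-user folder.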

sftpgo-ldap v0.8

18 Mar 00:26

Added in a new allowed group prefixes configuration item (you can specify one or more allowed group prefixes in an array).

This allows you to enable auto mode for groups but limit creation to just those groups with a matching prefix. For example, this helps prevent someone with a lot of groups from automatically having all of them created in SFTPGo: you can start using a common prefix such as "sftpgo-" for new groups, and only those will be targeted for automatic creation within SFTPGo. As a convenience feature, any matching prefix is removed automatically from the group name, so "sftpgo-example" would end up simply being listed as "example" within the /groups virtual path used in the default virtual folder template example.

sftpgo-ldap v0.7

17 Mar 00:16

Primarily added support for Active Directory groups to be added as virtual folders.

  • There is an $auto_groups_mode option which is set to false by default.
  • If set to true, then the $auto_groups_mode_virtual_folder_template will be used for all groups a user has, and folders will be automatically created for them.
  • You can leave the automatic mode off, and instead use $allowed_groups.
  • In that case, you will need to define entries for each group you want to allow (you must use a normalized version of the group name as well, so this would mainly mean using all lowercase letters, converting spaces to hyphens, etc. otherwise the group name won't match up correctly).

Just like the $virtual_folders entries, you must use a nested array in these cases since you can technically define more than one virtual folder for each group if you wish.
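The group handling from the v0.7 and v0.8 notes (normalized names, allowed prefixes, prefix removal) can be sketched as follows. This is an added example, not the project's own code: the function names, the extra character filtering, the treatment of an empty prefix list as "no restriction" and the sample group names are assumptions.

```php
<?php
// Added example: hypothetical helpers, not sftpgo-ldap's own code.

// Normalize as the v0.7 note describes: lowercase, spaces to hyphens.
function normalize_group_name(string $name): string
{
    $name = strtolower(trim($name));
    $name = preg_replace('/\s+/', '-', $name);
    // Assumption: drop anything that could alter the /groups/<name> path.
    return preg_replace('/[^a-z0-9._-]/', '', $name);
}

// Map a user's LDAP groups to virtual paths under /groups, keeping only
// groups that match an allowed prefix and stripping that prefix.
function auto_group_folders(array $ldapGroups, array $allowedPrefixes): array
{
    $folders = [];
    foreach ($ldapGroups as $group) {
        $name = normalize_group_name($group);
        if ($allowedPrefixes !== []) { // assumption: empty list = no restriction
            $matched = false;
            foreach ($allowedPrefixes as $prefix) {
                if ($prefix !== '' && strncmp($name, $prefix, strlen($prefix)) === 0) {
                    $name = substr($name, strlen($prefix));
                    $matched = true;
                    break;
                }
            }
            if (!$matched) {
                continue;
            }
        }
        // Skip names that are empty after stripping, dot segments, and duplicates.
        if ($name === '' || $name === '.' || $name === '..' || isset($folders[$name])) {
            continue;
        }
        $folders[$name] = '/groups/' . $name;
    }
    return $folders;
}

// Constructed sample group list for one user.
print_r(auto_group_folders(
    ['sftpgo-Example', 'Domain Users', 'SFTPGo-Finance Team', 'sftpgo-'],
    ['sftpgo-']
));
```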

sftpgo-ldap v0.6

16 Mar 19:33

Skipping the 0.5 release (was going to post it as an update yesterday but didn't).

The 0.6 release incorporates:

  • A new conversion to lowercase for usernames option (this helps to ensure consistency with generated folder names primarily so they are all lowercased when created)
  • Added a minimum length option for the username (this helps keep short usernames from triggering an authentication attempt)
  • Added a username blacklist where specific usernames can be provided (these will automatically be denied so no authentication attempt will occur for the listed usernames in the blacklist).

sftpgo-ldap v0.4

15 Mar 01:16

Primarily added some additional logging calls in, along with some adjustments to how the LDAP connections are made.

The changes related to the LDAP connections aren't as important for this repository, but they were important for the sftpgo-ldap-http-server repository: since that process is long-lived, the fact that I wasn't disconnecting from the LDAP connections was proving to be problematic (which isn't as big of an issue for the normally short-lived web or CLI requests made via the code in this repository).

Now, the code will disconnect from the LDAP connections properly after the authentication attempts are made.

sftpgo-ldap v0.3

14 Mar 23:48

Minor updates over v0.1. Skipping the v0.2 release to help keep the version number the same as the separate sftpgo-ldap-http-server project.

Mainly added in some support for extra functionality (but otherwise is unchanged):

  • Overrides for the output object at the connection or username levels are now possible (this provides extra flexibility over the previous version, since before you would only be able to use the default output object template from the configuration for all users that logged in via this project's code).
  • You can also list email domains you may want to have stripped from the username a user enters (this would allow username@example.com to become simply username if you have example.com in the list of domains to strip automatically).
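The username options from the v0.3 and v0.6 notes (domain stripping, lowercase conversion, minimum length, blacklist) combine into a single pre-check that runs before any LDAP bind. This is an added example, not the project's own code: the function name, the option keys, the order of the checks and the sample values are assumptions.

```php
<?php
// Added example: hypothetical helper and option names, not sftpgo-ldap's own code.

// Returns the username to try against LDAP, or null to deny the login
// without making any authentication attempt.
function prepare_username(string $input, array $opts): ?string
{
    $username = trim($input);

    // Strip a listed e-mail domain: "user@example.com" becomes "user".
    $at = strrpos($username, '@');
    if ($at !== false) {
        $domain = strtolower(substr($username, $at + 1));
        if (in_array($domain, $opts['strip_domains'], true)) {
            $username = substr($username, 0, $at);
        }
    }
    if ($opts['lowercase']) {
        $username = strtolower($username);
    }
    if (strlen($username) < $opts['min_length']) {
        return null;
    }
    // Assumption: blacklist entries are lowercase and matched case-insensitively.
    if (in_array(strtolower($username), $opts['blacklist'], true)) {
        return null;
    }
    return $username;
}

// Constructed sample options and inputs.
$opts = [
    'strip_domains' => ['example.com'],
    'lowercase'     => true,
    'min_length'    => 3,
    'blacklist'     => ['root', 'admin', 'administrator'],
];
foreach (['Alice@Example.com', 'root', 'ab', 'bob@other.test'] as $input) {
    var_dump(prepare_username($input, $opts));
}
```

Stripping the domain before the blacklist check means a listed name cannot slip through by appending a stripped domain to it.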

sftpgo-ldap v0.1

13 Mar 18:03

This relatively simple PHP project was created to integrate with SFTPGo (https://github.com/drakkan/sftpgo/) and its external_auth_hook, and it can be used in either web or CLI mode depending on your preference.

To use for web mode you can clone this project and install the composer dependencies and then copy configuration.example.php to configuration.php and customize the LDAP settings for your environment. Once you have the project up and running on your web server, when you add the URL into the SFTPGo JSON configuration file, keep in mind you may have to point explicitly to the index.php (e.g. https://www.example.com/sftpgo-ldap/index.php) to help avoid an accidental issue resulting in a 301 redirect on your server that might prevent SFTPGo from correctly authenticating you.

To use for CLI mode, the larger ZIP file below contains an EXE where the index.php, along with the PHP runtime, has been embedded, but the rest of the files are present within a Data folder, allowing you to still customize things, including the functions, if desired. In the Data folder you would still copy the configuration.example.php to configuration.php and customize the LDAP settings for your environment. (Keep in mind that for Windows paths, the SFTPGo JSON configuration file will require double backslashes in the path you provide to it, so if you extract the ZIP file directly into C:\cli the path you would put into the SFTPGo JSON configuration file would be C:\\cli\\sftpgo-ldap-cli.exe.)