Castaglia / proftpd-mod_sftp_ldap

ProFTPD module which retrieves SSH user/host keys from LDAP

I can't get SSH key from FreeIPA #12

Open Pengwin61 opened 11 months ago

Pengwin61 commented 11 months ago

Hello. I am using the following build. When accessing FreeIPA, the module does not pull the key.

proftpd -vv
daemon[3476968]: processing configuration directory '/etc/proftpd/conf.d'
ProFTPD Version: 1.3.6e (maint)
  Scoreboard Version: 01040003
  Built: Wed Aug 3 2022 16:51:01 MSK

Loaded modules:
  mod_sftp_ldap/0.1
  mod_vroot/0.9.5
  mod_sftp/1.0.0
  mod_ctrls_admin/0.9.9
  mod_ldap/2.9.4
  mod_lang/1.1
  mod_ctrls/0.9.5
  mod_cap/1.1
  mod_memcache/0.1
  mod_tls/2.7
  mod_auth_pam/1.2
  mod_readme/1.0
  mod_ident/1.0
  mod_dso/0.5
  mod_facts/0.6
  mod_delay/0.7
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/1.0
  mod_auth_unix.c
  mod_rlimit/1.0
  mod_xfer.c
  mod_core.c

logs

2023-08-08 15:55:54,792 mod_ldap/2.9.4[3485049]: generated filter (uid=openuds.test2) from template (uid=%u) and value openuds.test2
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: searched under base DN cn=users,cn=accounts,dc=XXX,dc=XX using filter (uid=openuds.test2)
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute uid
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute uidNumber
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute gidNumber
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute homeDirectory
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute loginShell
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: found user openuds.test2, UID 1026900508, GID 1026900508, homedir /home/openuds.test2, shell /b

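The LDAPLog excerpt above lists every attribute mod_ldap fetched for the user, and the first thing a reader would want to check is whether an SSH public-key attribute is among them. The following log triage script is an added example, not code from the issue or from the proftpd-mod_sftp_ldap project: it parses mod_ldap lines of the format quoted above, collects the base DN, filter and fetched attributes, and reports when a user search was logged without any key attribute being requested. The attribute names in `SSH_KEY_ATTRS` are assumed candidates (the issue does not state which attribute mod_sftp_ldap is configured to query), and the sample log is the reporter's own lines, copied as they appear.

```python
import re

# Constructed sample: the mod_ldap/2.9.4 lines quoted in the issue, copied as
# they appear there (the last line is truncated in the report as well).
SAMPLE_LOG = """\
2023-08-08 15:55:54,792 mod_ldap/2.9.4[3485049]: generated filter (uid=openuds.test2) from template (uid=%u) and value openuds.test2
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: searched under base DN cn=users,cn=accounts,dc=XXX,dc=XX using filter (uid=openuds.test2)
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute uid
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute uidNumber
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute gidNumber
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute homeDirectory
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: fetching values for attribute loginShell
2023-08-08 15:55:54,793 mod_ldap/2.9.4[3485049]: found user openuds.test2, UID 1026900508, GID 1026900508, homedir /home/openuds.test2, shell /b
"""

# Attribute names under which LDAP directories commonly store SSH public keys.
# These are assumed candidates for the check; the issue does not say which
# attribute mod_sftp_ldap is configured to query.
SSH_KEY_ATTRS = frozenset({"sshPublicKey", "ipaSshPubKey"})

# "<date> <time> mod_ldap/<ver>[<pid>]: <message>"
LINE_RE = re.compile(r"^\S+ \S+ mod_ldap/[\d.]+\[\d+\]: (?P<msg>.*)$")
ATTR_RE = re.compile(r"^fetching values for attribute (?P<attr>\S+)$")
SEARCH_RE = re.compile(
    r"^searched under base DN (?P<base>.+?) using filter (?P<filter>\(.*\))$"
)


def parse_ldap_log(text):
    """Summarise what mod_ldap searched for: base DN, filter and attributes fetched."""
    summary = {"base_dn": None, "filter": None, "attributes": [], "unparsed": 0}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            summary["unparsed"] += 1  # other modules, other log formats
            continue
        msg = m.group("msg")
        a = ATTR_RE.match(msg)
        if a:
            summary["attributes"].append(a.group("attr"))
            continue
        s = SEARCH_RE.match(msg)
        if s:
            summary["base_dn"] = s.group("base")
            summary["filter"] = s.group("filter")
    return summary


def missing_ssh_key_fetch(summary, key_attrs=SSH_KEY_ATTRS):
    """True when a user search was logged but none of the key attributes was fetched.

    LDAP attribute names are case-insensitive, so compare them lower-cased.
    """
    if summary["base_dn"] is None:
        return False  # no search logged at all: a different problem, not this one
    fetched = {a.lower() for a in summary["attributes"]}
    return not (fetched & {k.lower() for k in key_attrs})


if __name__ == "__main__":
    result = parse_ldap_log(SAMPLE_LOG)
    print("base DN:   ", result["base_dn"])
    print("filter:    ", result["filter"])
    print("attributes:", ", ".join(result["attributes"]))
    if missing_ssh_key_fetch(result):
        print("no SSH-key attribute fetched; check the mod_sftp_ldap key lookup config")
```

Run against the excerpt above, the script reports that only the POSIX account attributes (uid, uidNumber, gidNumber, homeDirectory, loginShell) were fetched, which is the observation behind the report; if a later line does fetch a key attribute, the check stays quiet and the problem lies elsewhere (for example in what mod_sftp does with the returned value).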
Castaglia commented 11 months ago

Can you provide the ProFTPD configuration you're using, please?

Pengwin61 commented 11 months ago

I'm using RedOS 7.3; it's based on CentOS 7. I'm using ProFTPD from the binary as a package, and installed mod_sftp_ldap with prxs. FreeIPA is deployed in production as a container.

proftpd -l
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_rlimit.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_facts.c
  mod_dso.c
  mod_ident.c
  mod_readme.c
  mod_auth_pam.c
  mod_tls.c
  mod_memcache.c
  mod_cap.c
  mod_ctrls.c
  mod_lang.c

Castaglia commented 11 months ago

To diagnose the issue, I'll need to see your proftpd.conf settings.

Pengwin61 commented 10 months ago

Sorry for not attaching this file sooner. I use the batch install from my OS distribution.

proftpd.txt modules.txt

Yesterday, on a test VM, I tried to build a newer version of ProFTPD (1.3.8) than the one in the repositories of my OS, but I ran into the fact that I could not build the LDAP module. What I mean by this is: if I can't figure out how to solve the problem with my batch installation, then I'm ready to build from source.

Update: I managed to build the LDAP module by installing the headers; I'm trying to build the entire project from source.

Castaglia commented 10 months ago

Thanks. Do you have any .conf files that contain your mod_ldap (and mod_sftp) configurations? Those are the relevant configurations for this particular ticket.

Pengwin61 commented 10 months ago

Sorry, here are my config files. I am also building the project from sources in parallel and noticed that on version mod_ldap/2.9.5, with the same config, the connection to FreeIPA does not work. Connection string error.

Checking syntax of configuration file
2023-08-11 18:56:53,223 mk0vm1035.domain proftpd[1076652] mk0vm1035.domain : LDAPServer: parsed URL 'ldap://mk0cr1001.domain :389/??sub' as 'ldap://mk0cr1001.domain :389/??sub'

sftp.txt ldap.txt

Castaglia commented 4 months ago

Can you provide the SFTPLog and LDAPLog for an SFTP login? I'd like to better understand why you think mod_ldap is not looking for the SSH public key for your user. Is it based purely on the log messages you see (or don't see), or are there other login issues you are encountering?