I had a requirement to restrict who could log into an FTP server, to automatically create their home directory – but in a different directory that's set in LDAP – with the correct permissions, and then to chroot them into it. ProFTPD with mod_ldap happened to be the answer, although it took a little bit of fiddling to get the right settings, as below:

    LDAPServer ldap.example.com
    LDAPDoAuth on "ou=people,dc=example,dc=com" "(&(uid=%v)(objectclass=posixAccount))"
    LDAPDoUIDLookups on "ou=people,dc=example,dc=com"
    CreateHome on 755
    LDAPGenerateHomedir on
    LDAPGenerateHomedirPrefix /path/to/base/dir
    LDAPForceGeneratedHomedir on
    RequireValidShell no
    DefaultRoot ~

You can easily set this to autogenerate the home directory from the homeDirectory attribute in LDAP by removing the LDAPForceGeneratedHomedir line. See the docs for more details on the directives.
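
Because DefaultRoot ~ chroots each user into whatever home directory is chosen, removing LDAPForceGeneratedHomedir means the LDAP homeDirectory attribute decides where the chroot lands. The following audit sketch is an added example, not part of the original post: it assumes a generated home is the prefix followed by the username, and the (uid, homeDirectory) pairs are constructed stand-ins for an LDAP export.

```python
import posixpath

PREFIX = "/path/to/base/dir"  # LDAPGenerateHomedirPrefix from the config above

# Constructed (uid, homeDirectory) pairs standing in for an LDAP export.
SAMPLE = [
    ("alice", "/path/to/base/dir/alice"),
    ("bob", "/home/bob"),
    ("carol", "/path/to/base/dir/../../etc"),
    ("dave", None),  # no homeDirectory attribute set
]

def effective_home(uid, home_attr, prefix, force):
    """Home directory the server would use, with LDAPGenerateHomedir on.

    Assumption: a generated home is <prefix>/<uid>; it is used when forced
    or when the entry has no homeDirectory attribute.
    """
    if force or not home_attr:
        return posixpath.join(prefix, uid)
    return home_attr

def outside_base(entries, prefix, force):
    """Return (uid, normalized home) pairs whose chroot is not strictly under prefix."""
    base = posixpath.normpath(prefix)
    flagged = []
    for uid, home_attr in entries:
        home = posixpath.normpath(effective_home(uid, home_attr, prefix, force))
        inside = (
            home.startswith("/")
            and home != base
            and posixpath.commonpath([base, home]) == base
        )
        if not inside:
            flagged.append((uid, home))
    return flagged

if __name__ == "__main__":
    for force in (True, False):
        print("LDAPForceGeneratedHomedir", "on" if force else "removed",
              "->", outside_base(SAMPLE, PREFIX, force))
```

Any entry it flags would be chrooted (and have its directory created) outside the intended base once the forced prefix is dropped, so those attributes are worth correcting in LDAP first.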