Integration/PureFTPd.iRedMail.with.OpenLDAP/CentOS

From iRedMail
Jump to: navigation, search

Contents

Install Pure-FTPd

Use rpmforge yum repository to install pure-ftpd.

Terminal:
# ---- For i386 ----
# rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

# ---- For x86_64 ----
# rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Install PureFTPD

Terminal:
# yum install pure-ftpd

Find vmail user password

For security reason, we only need to use the vmail user to search ldap, not suggest use the admin to search.

vmail password was random create duiring iredmail install.you can find the password in /etc/postfix/ldap_virtual_mailbox_domains.cf

  • Open /etc/postfix/ldap_virtual_mailbox_domains.cf :
File: /etc/postfix/ldap_virtual_mailbox_domains.cf
bind_dn         = cn=vmail,dc=example,dc=com
bind_pw         = kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password

Config the LDAP setting for PureFTPD

  • Open /etc/pure-ftpd/pureftpd-ldap.conf and change the value :
File: /etc/pure-ftpd/pureftpd-ldap.conf
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password 
LDAPDefaultUID 500      # <- UID of 'vmail' user.
LDAPDefaultGID 500      # <- GID of 'vmail' user.
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir  # <- This is new attribute, we will add it
LDAPVersion 3

Config OpenLDAP

  • Get the schema modify by iredmail
Terminal:
#wget http://iredmail.googlecode.com/svn/trunk/extra/pureftpd.schema -P /etc/openldap/schema/ 
  • Open /etc/openldap/slapd.conf:include pureftpd.schema after iredmail.schema and Add index for attributes defined in pureftpd.schema:
File: /etc/openldap/slapd.conf
include /etc/openldap/schema/iredmail.schema
include /etc/openldap/schema/pureftpd.schema    # <-- Add this line.


# Default index.
#
index objectClass                                   eq,pres
index ou,cn,mail,surname,givenname,telephoneNumber  eq,pres,sub
index uidNumber,gidNumber,loginShell                eq,pres
index uid,memberUid                                 eq,pres,sub
index nisMapName,nisMapEntry                        eq,pres,sub
# <-- Add the below
#Index for FTP attrs.
index FTPQuotaFiles,FTPQuotaMBytes eq,pres
index FTPUploadRatio,FTPDownloadRatio eq,pres
index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres

Create FTP Home Dir

FTP data are all stored in /home/ftp/ directory.Create /home/ftp/, owner must be 'root' user.


Terminal:
#mkdir /home/ftp/
#ls -dl /home/ftp
drwxr-xr-x 3 root root 4096 Jun  7 20:18 /home/ftp/

Restart OpenLDAP and PureFTPD Service

Make sure pure-ftpd is running:

Terminal:
#/etc/init.d/ldap restart
#/etc/init.d/pure-ftpd restart 

#netstat -ntlp | grep pure-ftpd
tcp 0   0 0.0.0.0:21    0.0.0.0:*   LISTEN  2062/pure-ftpd (SERVER)
tcp 0   0 :::21         :::*        LISTEN  2062/pure-ftpd (SERVER)



Add LDAP FTP attributes and values for new user

use the iredmail tools quick create the user include the PureFTP attributes and values.

  • Open /iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh and set correct values:
File: /iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix 
BINDPW='passwd'                 # <- The user cn=manager,dc=example,dc=com password
PUREFTPD_INTEGRATION='YES'      # <- Change form NO to YES,enable the pureftp inteegration
  • Run the script create a user user1 and user2. by default, the default password is same with user name.
Terminal:
#bash create_mail_user_OpenLDAP.sh example.com user1 user2 

adding new entry "ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Groups,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Aliases,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
adding new entry "mail=user2@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"


Config iptables

By default the iredmail mail have not open 21 port,If you use the ftp client test, you need open the 20 and 21 port.

  • Open /etc/sysconfig/iptables and set correct values:
File: /etc/sysconfig/iptables
# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,20,21 -j ACCEPT # <-- Add 20 21 
  • Restart the iptables service
Terminal:
#/etc/init.d/iptables restart 

Testing

You can use windows FTP client or linux ftp client lftp test.

Terminal:
lftp localhost
lftp localhost:~> debug 4
lftp localhost:~> login user1@example.com user1 # <-- input the username and password
lftp user1@example.com@localhost:~> ls 

---- Connecting to localhost (127.0.0.1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 16:25. Server port: 21.
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  ESTP
<---  PASV
<---  EPSV
<---  SPSV
<---  ESTA
<---  AUTH TLS
<---  PBSZ
<---  PROT
<---  UTF8
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@example.com OK. Password required
<--- 230-Your bandwidth usage is restricted
<--- 230-User user1@example.com has group access to:  vmail   
<--- 230-You must respect a 1:5 (UL/DL) ratio
<--- 230-OK. Current restricted directory is /
<--- 230-0 files used (0%) - authorized: 50 files
<--- 230 0 Kbytes used (0%) - authorized: 10240 Kb
<--- 257 "/" is your current location
<--- 227 Entering Passive Mode (127,0,0,1,32,58)
<--- 150 Accepted data connection
drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 .
drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 ..
-rw-------    1 500      vmail           0 Jun 10 16:16 .ftpquota


Troubleshooting

Enable verbose log in pure-ftpd

  • Open /etc/pure-ftpd/pure-ftpd.conf and set correct values:
File: /etc/pure-ftpd/pure-ftpd.conf
VerboseLog                  yes # <-- change form no to yes 


  • Open /etc/syslog.conf and set correct values:
File: /etc/syslog.conf
ftp.*                       -/var/log/pureftpd.log # <-- Add entry

Enable OpenLDAP log

  • Open /etc/openldap/slapd.conf and set correct values:
File: /etc/openldap/slapd.conf
loglevel    256 # <-- change form 0 to 256  

Restart service

Terminal:
#/etc/init.d/pure-ftpd restart
#/etc/init.d/syslog restart
#/etc/init.d/ldap restart

Monitor /var/log/pureftpd.log and /var/log/openldap.log for troubleshooting.

Terminal:
tail -0f /var/log/openldap.log
tail -0f /var/log/pureftpd.log
Personal tools