Integration/PureFTPd.iRedMail.with.OpenLDAP/Debian

From iRedMail

(Difference between revisions)
Jump to: navigation, search
(Created page with '=Install Pure-FTPd= Install PureFTPD {{cmd|<pre> #apt-get install pure-ftpd-ldap </pre>}} =Find vmail user password= For security reason, we only need to use the vmail user …')
(Troubleshooting)
 
(11 intermediate revisions not shown)
Line 17: Line 17:
bind_dn        = cn=vmail,dc=example,dc=com
bind_dn        = cn=vmail,dc=example,dc=com
bind_pw        = kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password
bind_pw        = kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password
 +
 +
</pre>}}
 +
 +
=Config PureFTPD=
 +
 +
*Configure PureFTPd as a standalone daemon (it is currently controlled by inetd)
 +
 +
Open /etc/default/pure-ftpd-common  and set correct values:
 +
{{cfg|/etc/default/pure-ftpd-common |<pre>
 +
#STANDALONE_OR_INETD=inetd
 +
STANDALONE_OR_INETD=standalone    #change to standalone
 +
</pre>}}
 +
 +
Open /etc/inetd.conf and comment out the ftp line::
 +
{{cfg|/etc/inetd.conf |<pre>
 +
#ftp    stream  tcp    nowait  root    /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
 +
</pre>}}
 +
 +
*Make PureFTPd chroot every virtual user in his home directory so he will not be able to browse directories and files outside his home directory.
 +
 +
{{cmd|<pre>
 +
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
 +
</pre>}}
 +
 +
*Make PureFTPd create a user's home directory when the user logs in and the home directory does not exist yet.
 +
 +
{{cmd|<pre>
 +
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
 +
</pre>}}
 +
 +
*Make that PureFTPd doesn't look up host names which can significantly speed up connections and reduce bandwidth usage.
 +
 +
{{cmd|<pre>
 +
echo "yes" > /etc/pure-ftpd/conf/DontResolve
 +
</pre>}}
 +
 +
 +
=Config PureFTPD LDAP setting=
 +
 +
* Open  /etc/pure-ftpd/db/ldap.conf and change the value :
 +
{{cfg| /etc/pure-ftpd/db/ldap.conf |<pre>
 +
LDAPServer localhost
 +
LDAPPort 389
 +
LDAPBaseDN o=domains,dc=example,dc=com
 +
LDAPBindDN cn=vmail,dc=example,dc=com
 +
LDAPBindPW kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password
 +
LDAPDefaultUID 1000      # <- UID of 'vmail' user.
 +
LDAPDefaultGID 1000      # <- GID of 'vmail' user.
 +
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
 +
LDAPHomeDir FTPHomeDir  # <- This is new attribute, we will add it
 +
LDAPVersion 3
 +
</pre>}}
 +
 +
=Config OpenLDAP=
 +
 +
* Get the schema modify by iredmail
 +
 +
{{cmd|<pre>
 +
#wget http://iredmail.googlecode.com/svn/trunk/extra/pureftpd.schema -P /etc/ldap/schema/
 +
</pre>}}
 +
 +
* Open /etc/ldap/slapd.conf :include pureftpd.schema after iredmail.schema and Add index for attributes defined in pureftpd.schema:
 +
{{cfg|/etc/ldap/slapd.conf |<pre>
 +
include /etc/ldap/schema/iredmail.schema
 +
include /etc/ldap/schema/pureftpd.schema    # <-- Add this line.
 +
 +
 +
# Default index.
 +
#
 +
index objectClass                                  eq,pres
 +
index ou,cn,mail,surname,givenname,telephoneNumber  eq,pres,sub
 +
index uidNumber,gidNumber,loginShell                eq,pres
 +
index uid,memberUid                                eq,pres,sub
 +
index nisMapName,nisMapEntry                        eq,pres,sub
 +
# <-- Add the below
 +
#Index for FTP attrs.
 +
index FTPQuotaFiles,FTPQuotaMBytes eq,pres
 +
index FTPUploadRatio,FTPDownloadRatio eq,pres
 +
index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
 +
index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres
 +
 +
</pre>}}
 +
 +
 +
=Create FTP Home Dir=
 +
 +
FTP data are all stored in /home/ftp/ directory.Create /home/ftp/, owner must be 'root' user.
 +
 +
{{cmd|<pre>
 +
#mkdir /home/ftp/
 +
#ls -dl /home/ftp
 +
drwxr-xr-x 2 root root 4096 Oct  3 16:53 /home/ftp
 +
</pre>}}
 +
 +
=Restart OpenLDAP and PureFTPD Service=
 +
 +
Make sure pure-ftpd is running:
 +
 +
{{cmd|<pre>
 +
#/etc/init.d/slapd restart
 +
#/etc/init.d/pure-ftpd-ldap restart
 +
 +
# netstat -ntlp | grep pure-ftpd
 +
tcp        0      0 0.0.0.0:21              0.0.0.0:*              LISTEN      12548/pure-ftpd (SE
 +
tcp6      0      0 :::21                  :::*                    LISTEN      12548/pure-ftpd (SE
 +
 +
</pre>}}
 +
 +
=Add LDAP FTP attributes and values for new user=
 +
 +
use the iredmail tools quick create the user include the PureFTP attributes and values.
 +
 +
* Open /iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh and set correct values:
 +
{{cfg|/iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh|<pre>
 +
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix
 +
BINDPW='passwd'                # <- The user cn=manager,dc=example,dc=com password
 +
PUREFTPD_INTEGRATION='YES'      # <- Change form NO to YES,enable the pureftp inteegration
 +
</pre>}}
 +
 +
*Run the script create a user user1 and user2. by default, the default password is same with user name.
 +
 +
{{cmd|<pre>
 +
#bash create_mail_user_OpenLDAP.sh example.com user1 user2
 +
 +
adding new entry "ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
 +
ldapadd: Already exists (68)
 +
adding new entry "ou=Groups,domainName=example.com,o=domains,dc=example,dc=com"
 +
ldapadd: Already exists (68)
 +
adding new entry "ou=Aliases,domainName=example.com,o=domains,dc=example,dc=com"
 +
ldapadd: Already exists (68)
 +
adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
 +
adding new entry "mail=user2@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
 +
</pre>}}
 +
 +
 +
=Config iptables=
 +
 +
By default the iredmail mail have not open 21 port,If you use the ftp client test, you need open the 20 and 21 port.
 +
 +
* Open /etc/default/iptables  and set correct values:
 +
{{cfg|/etc/default/iptables  |<pre>
 +
# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh
 +
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,20,21 -j ACCEPT # <-- Add 20 21
 +
 +
</pre>}}
 +
 +
*Restart the iptables service
 +
 +
{{cmd|<pre>
 +
#/etc/init.d/iptables restart
 +
</pre>}}
 +
 +
=Testing=
 +
 +
You can use windows FTP client or linux ftp client lftp test.
 +
 +
{{cmd|<pre>
 +
lftp localhost
 +
lftp localhost:~> debug 4
 +
lftp localhost:~> login user1@example.com user1 # <-- input the username and password
 +
lftp user1@example.com@localhost:~> ls
 +
 +
---- Connecting to localhost (127.0.0.1) port 21
 +
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
 +
<--- 220-You are user number 1 of 50 allowed.
 +
<--- 220-Local time is now 16:25. Server port: 21.
 +
<--- 220-IPv6 connections are also welcome on this server.
 +
<--- 220 You will be disconnected after 15 minutes of inactivity.
 +
<--- 211-Extensions supported:
 +
<---  EPRT
 +
<---  IDLE
 +
<---  MDTM
 +
<---  SIZE
 +
<---  REST STREAM
 +
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 +
<---  MLSD
 +
<---  ESTP
 +
<---  PASV
 +
<---  EPSV
 +
<---  SPSV
 +
<---  ESTA
 +
<---  AUTH TLS
 +
<---  PBSZ
 +
<---  PROT
 +
<---  UTF8
 +
<--- 211 End.
 +
<--- 500 This security scheme is not implemented
 +
<--- 200 OK, UTF-8 enabled
 +
<--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
 +
<--- 331 User user1@example.com OK. Password required
 +
<--- 230-Your bandwidth usage is restricted
 +
<--- 230-User user1@example.com has group access to:  vmail 
 +
<--- 230-You must respect a 1:5 (UL/DL) ratio
 +
<--- 230-OK. Current restricted directory is /
 +
<--- 230-0 files used (0%) - authorized: 50 files
 +
<--- 230 0 Kbytes used (0%) - authorized: 10240 Kb
 +
<--- 257 "/" is your current location
 +
<--- 227 Entering Passive Mode (127,0,0,1,32,58)
 +
<--- 150 Accepted data connection
 +
drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 .
 +
drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 ..
 +
-rw-------    1 500      vmail          0 Jun 10 16:16 .ftpquota
 +
 +
</pre>}}
 +
 +
 +
=Troubleshooting=
 +
 +
*Enable verbose log in pure-ftpd
 +
 +
{{cmd|<pre>
 +
echo "yes" > /etc/pure-ftpd/conf/VerboseLog
 +
</pre>}}
 +
 +
Open /etc/rsyslog.conf  and set correct values:
 +
{{cfg|/etc/rsyslog.conf |<pre>
 +
ftp.*                      -/var/log/pure-ftpd/pureftpd.log # <-- Add entry
 +
</pre>}}
 +
 +
Create the file of pureftpd.log
 +
 +
{{cmd|<pre>
 +
touch /var/log/pure-ftpd/pureftpd.log
 +
</pre>}}
 +
 +
 +
*Enable OpenLDAP log
 +
 +
Open /etc/ldap/slapd.conf    and set correct values:
 +
{{cfg|/etc/ldap/slapd.conf  |<pre>
 +
loglevel    256 # <-- change form 0 to 256 
 +
 +
</pre>}}
 +
 +
Restart service
 +
 +
{{cmd|<pre>
 +
#/etc/init.d/pure-ftpd-ldap restart
 +
#/etc/init.d/rsyslog restart
 +
#/etc/init.d/slapd restart
 +
</pre>}}
 +
 +
Monitor /var/log/pureftpd.log and /var/log/openldap.log for troubleshooting.
 +
 +
{{cmd|<pre>
 +
# tail -0f /var/log/openldap.log
 +
Nov 11 17:42:09 mail slapd[16124]: warning: /etc/hosts.deny, line 0: missing newline or line too long
 +
Nov 11 17:42:09 mail slapd[16124]: conn=5 fd=14 ACCEPT from IP=127.0.0.1:46247 (IP=0.0.0.0:389)
 +
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
 +
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
 +
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=0 RESULT tag=97 err=0 text=
 +
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=1 SRCH base="o=domains,dc=example,dc=com" scope=2
 +
deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user1@example.com)(FTPStatus=enabled))"
 +
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=1 SRCH attr=FTPHomeDir uidNumber
 +
FTPuid gidNumber FTPgid userPassword loginShell FTPStatus FTPQuotaFiles
 +
FTPQuotaMBytes FTPDownloadRatio FTPUploadRatio FTPDownloadBandwidth FTPUploadBandwidth
 +
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
 +
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=2 UNBIND
 +
Nov 11 17:42:09 mail slapd[16124]: conn=5 fd=14 closed
 +
 +
# tail -0f /var/log/pure-ftpd/pureftpd.log
 +
Nov 11 17:39:37 mail pure-ftpd: (?@123.114.254.226) [INFO] New connection from 123.114.254.226
 +
Nov 11 17:39:37 mail pure-ftpd: (?@123.114.254.226) [DEBUG] Command [user] [user1@example.com]
 +
Nov 11 17:39:38 mail pure-ftpd: (?@123.114.254.226) [DEBUG] Command [pass] [<*>]
 +
Nov 11 17:39:38 mail pure-ftpd: (?@123.114.254.226) [INFO] user1@example.com is now logged in
 +
Nov 11 17:39:38 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [syst] []
 +
Nov 11 17:39:39 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [feat] []
 +
Nov 11 17:39:39 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [pwd] []
 +
Nov 11 17:39:39 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [type] [A]
 +
Nov 11 17:39:40 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [port] [123,114,254,226,17,57]
 +
Nov 11 17:39:40 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [list] [-a]
 +
Nov 11 17:39:48 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [type] [I]
 +
Nov 11 17:39:49 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [port] [123,114,254,226,17,60]
 +
Nov 11 17:39:49 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [stor] [test.pdf]
 +
Nov 11 17:39:51 mail pure-ftpd: (user1@example.com@123.114.254.226) [NOTICE]
 +
/home/ftp/example.com/u/us/use/user1-2009.11.11.17.22.26/ftp//chenshake.pdf uploaded  (14317 bytes, 9.45KB/sec)
 +
Nov 11 17:39:51 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [type] [A]
 +
Nov 11 17:39:52 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [port] [123,114,254,226,17,61]
 +
Nov 11 17:39:53 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [list] [-a]
 +
Nov 11 17:40:24 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [pwd] []
 +
Nov 11 17:40:34 mail pure-ftpd: (user1@example.com@123.114.254.226) [INFO] Logout.
</pre>}}
</pre>}}

Current revision as of 03:51, 29 March 2010

Contents

Install Pure-FTPd

Install PureFTPD

Terminal: 
#apt-get install pure-ftpd-ldap

Find vmail user password

For security reason, we only need to use the vmail user to search ldap, not suggest use the admin to search.

vmail password was random create duiring iredmail install.you can find the password in /etc/postfix/ldap_virtual_mailbox_domains.cf

  • Open /etc/postfix/ldap_virtual_mailbox_domains.cf :
File: /etc/postfix/ldap_virtual_mailbox_domains.cf 
bind_dn         = cn=vmail,dc=example,dc=com
bind_pw         = kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password

Config PureFTPD

  • Configure PureFTPd as a standalone daemon (it is currently controlled by inetd)

Open /etc/default/pure-ftpd-common and set correct values:

File: /etc/default/pure-ftpd-common 
#STANDALONE_OR_INETD=inetd
STANDALONE_OR_INETD=standalone    #change to standalone

Open /etc/inetd.conf and comment out the ftp line::

File: /etc/inetd.conf 
#ftp    stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
  • Make PureFTPd chroot every virtual user in his home directory so he will not be able to browse directories and files outside his home directory.
Terminal: 
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
  • Make PureFTPd create a user's home directory when the user logs in and the home directory does not exist yet.
Terminal: 
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
  • Make that PureFTPd doesn't look up host names which can significantly speed up connections and reduce bandwidth usage.
Terminal: 
echo "yes" > /etc/pure-ftpd/conf/DontResolve


Config PureFTPD LDAP setting

  • Open /etc/pure-ftpd/db/ldap.conf and change the value :
File: /etc/pure-ftpd/db/ldap.conf 
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password 
LDAPDefaultUID 1000      # <- UID of 'vmail' user.
LDAPDefaultGID 1000      # <- GID of 'vmail' user.
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir  # <- This is new attribute, we will add it
LDAPVersion 3

Config OpenLDAP

  • Get the schema modify by iredmail
Terminal: 
#wget http://iredmail.googlecode.com/svn/trunk/extra/pureftpd.schema -P /etc/ldap/schema/
  • Open /etc/ldap/slapd.conf :include pureftpd.schema after iredmail.schema and Add index for attributes defined in pureftpd.schema:
File: /etc/ldap/slapd.conf 
include /etc/ldap/schema/iredmail.schema
include /etc/ldap/schema/pureftpd.schema    # <-- Add this line.


# Default index.
#
index objectClass                                   eq,pres
index ou,cn,mail,surname,givenname,telephoneNumber  eq,pres,sub
index uidNumber,gidNumber,loginShell                eq,pres
index uid,memberUid                                 eq,pres,sub
index nisMapName,nisMapEntry                        eq,pres,sub
# <-- Add the below
#Index for FTP attrs.
index FTPQuotaFiles,FTPQuotaMBytes eq,pres
index FTPUploadRatio,FTPDownloadRatio eq,pres
index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres


Create FTP Home Dir

FTP data are all stored in /home/ftp/ directory.Create /home/ftp/, owner must be 'root' user.

Terminal: 
#mkdir /home/ftp/
#ls -dl /home/ftp
drwxr-xr-x 2 root root 4096 Oct  3 16:53 /home/ftp

Restart OpenLDAP and PureFTPD Service

Make sure pure-ftpd is running:

Terminal: 
#/etc/init.d/slapd restart
#/etc/init.d/pure-ftpd-ldap restart 

# netstat -ntlp | grep pure-ftpd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      12548/pure-ftpd (SE
tcp6       0      0 :::21                   :::*                    LISTEN      12548/pure-ftpd (SE

Add LDAP FTP attributes and values for new user

use the iredmail tools quick create the user include the PureFTP attributes and values.

  • Open /iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh and set correct values:
File: /iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh 
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix 
BINDPW='passwd'                 # <- The user cn=manager,dc=example,dc=com password
PUREFTPD_INTEGRATION='YES'      # <- Change form NO to YES,enable the pureftp inteegration
  • Run the script create a user user1 and user2. by default, the default password is same with user name.
Terminal: 
#bash create_mail_user_OpenLDAP.sh example.com user1 user2 

adding new entry "ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Groups,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Aliases,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
adding new entry "mail=user2@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"


Config iptables

By default the iredmail mail have not open 21 port,If you use the ftp client test, you need open the 20 and 21 port.

  • Open /etc/default/iptables and set correct values:
File: /etc/default/iptables 
# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,20,21 -j ACCEPT # <-- Add 20 21
  • Restart the iptables service
Terminal: 
#/etc/init.d/iptables restart

Testing

You can use windows FTP client or linux ftp client lftp test.

Terminal: 
lftp localhost
lftp localhost:~> debug 4
lftp localhost:~> login user1@example.com user1 # <-- input the username and password
lftp user1@example.com@localhost:~> ls 

---- Connecting to localhost (127.0.0.1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 16:25. Server port: 21.
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  ESTP
<---  PASV
<---  EPSV
<---  SPSV
<---  ESTA
<---  AUTH TLS
<---  PBSZ
<---  PROT
<---  UTF8
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@example.com OK. Password required
<--- 230-Your bandwidth usage is restricted
<--- 230-User user1@example.com has group access to:  vmail   
<--- 230-You must respect a 1:5 (UL/DL) ratio
<--- 230-OK. Current restricted directory is /
<--- 230-0 files used (0%) - authorized: 50 files
<--- 230 0 Kbytes used (0%) - authorized: 10240 Kb
<--- 257 "/" is your current location
<--- 227 Entering Passive Mode (127,0,0,1,32,58)
<--- 150 Accepted data connection
drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 .
drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 ..
-rw-------    1 500      vmail           0 Jun 10 16:16 .ftpquota


Troubleshooting

  • Enable verbose log in pure-ftpd
Terminal: 
echo "yes" > /etc/pure-ftpd/conf/VerboseLog

Open /etc/rsyslog.conf and set correct values:

File: /etc/rsyslog.conf 
ftp.*                       -/var/log/pure-ftpd/pureftpd.log # <-- Add entry

Create the file of pureftpd.log

Terminal: 
touch /var/log/pure-ftpd/pureftpd.log


  • Enable OpenLDAP log

Open /etc/ldap/slapd.conf and set correct values:

File: /etc/ldap/slapd.conf 
loglevel    256 # <-- change form 0 to 256

Restart service

Terminal: 
#/etc/init.d/pure-ftpd-ldap restart
#/etc/init.d/rsyslog restart
#/etc/init.d/slapd restart

Monitor /var/log/pureftpd.log and /var/log/openldap.log for troubleshooting.

Terminal: 
# tail -0f /var/log/openldap.log 
Nov 11 17:42:09 mail slapd[16124]: warning: /etc/hosts.deny, line 0: missing newline or line too long
Nov 11 17:42:09 mail slapd[16124]: conn=5 fd=14 ACCEPT from IP=127.0.0.1:46247 (IP=0.0.0.0:389)
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=0 RESULT tag=97 err=0 text=
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=1 SRCH base="o=domains,dc=example,dc=com" scope=2 
deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user1@example.com)(FTPStatus=enabled))"
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=1 SRCH attr=FTPHomeDir uidNumber 
FTPuid gidNumber FTPgid userPassword loginShell FTPStatus FTPQuotaFiles 
FTPQuotaMBytes FTPDownloadRatio FTPUploadRatio FTPDownloadBandwidth FTPUploadBandwidth
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 11 17:42:09 mail slapd[16124]: conn=5 op=2 UNBIND
Nov 11 17:42:09 mail slapd[16124]: conn=5 fd=14 closed

# tail -0f /var/log/pure-ftpd/pureftpd.log
Nov 11 17:39:37 mail pure-ftpd: (?@123.114.254.226) [INFO] New connection from 123.114.254.226
Nov 11 17:39:37 mail pure-ftpd: (?@123.114.254.226) [DEBUG] Command [user] [user1@example.com]
Nov 11 17:39:38 mail pure-ftpd: (?@123.114.254.226) [DEBUG] Command [pass] [<*>]
Nov 11 17:39:38 mail pure-ftpd: (?@123.114.254.226) [INFO] user1@example.com is now logged in
Nov 11 17:39:38 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [syst] []
Nov 11 17:39:39 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [feat] []
Nov 11 17:39:39 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [pwd] []
Nov 11 17:39:39 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [type] [A]
Nov 11 17:39:40 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [port] [123,114,254,226,17,57]
Nov 11 17:39:40 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [list] [-a]
Nov 11 17:39:48 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [type] [I]
Nov 11 17:39:49 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [port] [123,114,254,226,17,60]
Nov 11 17:39:49 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [stor] [test.pdf]
Nov 11 17:39:51 mail pure-ftpd: (user1@example.com@123.114.254.226) [NOTICE] 
/home/ftp/example.com/u/us/use/user1-2009.11.11.17.22.26/ftp//chenshake.pdf uploaded  (14317 bytes, 9.45KB/sec)
Nov 11 17:39:51 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [type] [A]
Nov 11 17:39:52 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [port] [123,114,254,226,17,61]
Nov 11 17:39:53 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [list] [-a]
Nov 11 17:40:24 mail pure-ftpd: (user1@example.com@123.114.254.226) [DEBUG] Command [pwd] []
Nov 11 17:40:34 mail pure-ftpd: (user1@example.com@123.114.254.226) [INFO] Logout.
Retrieved from "http://iredmail.org/wiki/index.php?title=Integration/PureFTPd.iRedMail.with.OpenLDAP/Debian"
Personal tools