Integration/PureFTPd.iRedMail.with.OpenLDAP/FreeBSD


Install Pure-FTPd

Install PureFTPD

Terminal:
# cd /usr/ports/ftp/pure-ftpd/
# make install clean  

In the build options dialog for Pure-ftpd, the LDAP option must be selected.

Add ftp user

Installing pure-ftpd creates the ftp group but not the ftp user; pure-ftpd then reports the error "mail pure-ftpd:(?:?) [ERROR] Unable to find the 'ftp' account", so we need to create the ftp user manually.

Terminal:
# pw useradd ftp -u 14 -g 14 -s /sbin/nologin -d /dev/null
# cat /etc/passwd | grep ftp
ftp:*:14:14:User &:/dev/null:/sbin/nologin
# cat /etc/group | grep ftp
ftp:*:14:   


Find vmail user password

For security reasons, bind as the vmail user to search LDAP; using the admin account for searches is not recommended.

The vmail password was generated randomly during the iRedMail install. You can find it in /etc/postfix/ldap_virtual_mailbox_domains.cf.

  • Open /etc/postfix/ldap_virtual_mailbox_domains.cf :
File: /etc/postfix/ldap_virtual_mailbox_domains.cf
bind_dn         = cn=vmail,dc=example,dc=com
bind_pw         = kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password

Config PureFTPD

  • Create pure-ftp config files
Terminal:
# cd /usr/local/etc
# cp pure-ftpd.conf.sample pure-ftpd.conf
# cp pureftpd-ldap.conf.sample pureftpd-ldap.conf
# chmod 644 pure-ftpd.conf
# chmod 644 pureftpd-ldap.conf
# echo 'pureftpd_enable="YES"' >> /etc/rc.conf 
  • Open /usr/local/etc/pure-ftpd.conf and enable LDAP support in pure-ftpd:
File: /usr/local/etc/pure-ftpd.conf
LDAPConfigFile              /usr/local/etc/pureftpd-ldap.conf
CreateHomeDir               yes


Config PureFTPD LDAP settings

  • Open /usr/local/etc/pureftpd-ldap.conf and change the values:
File: /usr/local/etc/pureftpd-ldap.conf
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password
LDAPDefaultUID 1002      # <- UID of 'vmail' user.
LDAPDefaultGID 1002      # <- GID of 'vmail' user.
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir  # <- This is a new attribute; it is defined by the pureftpd.schema added in the next section.
LDAPVersion 3
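As an added example (not from the page and not Pure-FTPd's own code), the following Python resolves the pureftpd-ldap.conf above into the search pure-ftpd issues for a login: it substitutes `\L` with the RFC 4515-escaped login and checks the bind DN and default UID/GID against the page's advice (search as vmail, never as the admin). The config text is a constructed copy of the file above with a placeholder password; stripping the page's `# <- ...` arrow annotations is an assumption of this helper, not a statement about pure-ftpd's own parser.

```python
# Constructed copy of the pureftpd-ldap.conf shown above (placeholder password);
# the "# <- ..." arrows are the page's annotations and are stripped by parse_conf().
SAMPLE_CONF = r"""
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW PLACEHOLDER-vmail-password
LDAPDefaultUID 1002      # <- UID of 'vmail' user.
LDAPDefaultGID 1002      # <- GID of 'vmail' user.
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir
LDAPVersion 3
"""

# RFC 4515 escapes for characters that would otherwise change the filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def parse_conf(text):
    """Parse 'Key value' lines; a trailing '#' comment is dropped (assumption)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def build_search(conf, login):
    """Return the base, bind DN and filter pure-ftpd would use for this FTP login."""
    filt = conf["LDAPFilter"].replace(r"\L", escape_filter_value(login))
    return {"base": conf["LDAPBaseDN"], "bind_dn": conf["LDAPBindDN"], "filter": filt}

def sanity_checks(conf):
    """Flag settings that contradict the page's guidance."""
    problems = []
    if conf["LDAPBindDN"].lower().startswith("cn=manager,"):
        problems.append("LDAPBindDN is the admin account; bind as cn=vmail instead")
    for key in ("LDAPDefaultUID", "LDAPDefaultGID"):
        if int(conf.get(key, "0")) == 0:
            problems.append(key + " is 0 (root); it must be the unprivileged vmail id")
    if "FTPStatus=enabled" not in conf["LDAPFilter"]:
        problems.append("LDAPFilter does not require FTPStatus=enabled")
    return problems
```

The filter returned for user1@example.com is exactly the one that appears in the slapd log in the Troubleshooting section.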

Config OpenLDAP

  • Get the schema modified by iRedMail
Terminal:
# wget http://iredmail.googlecode.com/svn/trunk/extra/pureftpd.schema -P /usr/local/etc/openldap/schema/
  • Open /usr/local/etc/openldap/slapd.conf, include pureftpd.schema after iredmail.schema, and add indexes for the attributes defined in pureftpd.schema:
File: /usr/local/etc/openldap/slapd.conf
include /usr/local/etc/openldap/schema/iredmail.schema
include /usr/local/etc/openldap/schema/pureftpd.schema    # <-- Add this line (same directory wget placed the file in above).


# Default index.
#
index objectClass                                   eq,pres
index ou,cn,mail,surname,givenname,telephoneNumber  eq,pres,sub
index uidNumber,gidNumber,loginShell                eq,pres
index uid,memberUid                                 eq,pres,sub
index nisMapName,nisMapEntry                        eq,pres,sub
# <-- Add the lines below
# Index for FTP attrs.
index FTPQuotaFiles,FTPQuotaMBytes eq,pres
index FTPUploadRatio,FTPDownloadRatio eq,pres
index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres


Create FTP Home Dir

All FTP data is stored under the /home/ftp/ directory. Create /home/ftp/; its owner must be the 'root' user.

Terminal:
# mkdir /home/ftp/
# ls -dl /home/ftp/
drwxr-xr-x  2 root  wheel  512 Jan 31 13:25 /home/ftp/

Restart OpenLDAP and PureFTPD Service

Make sure pure-ftpd is running:

Terminal:
# /usr/local/etc/rc.d/slapd restart
# /usr/local/etc/rc.d/pure-ftpd restart 

# /usr/local/etc/rc.d/pure-ftpd status
pureftpd is running as pid 99905.

Add LDAP FTP attributes and values for new user

Use the iRedMail tools to quickly create users with the Pure-FTPd attributes and values included.

  • Open /iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh and set correct values:
File: /iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix
BINDPW='passwd'                 # <- Password of cn=manager,dc=example,dc=com
PUREFTPD_INTEGRATION='YES'      # <- Change from NO to YES to enable the Pure-FTPd integration
  • Run the script to create users user1 and user2. By default, each user's password is the same as the user name.
Terminal:
# bash create_mail_user_OpenLDAP.sh example.com user1 user2

adding new entry "ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Groups,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Aliases,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
adding new entry "mail=user2@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"


Testing

You can test with a Windows FTP client or with the Linux command-line client lftp.

Terminal:
# lftp localhost
lftp localhost:~> debug 4
lftp localhost:~> login user1@example.com user1 # <-- input the username and password
lftp user1@example.com@localhost:~> ls 

---- Connecting to localhost (127.0.0.1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 16:25. Server port: 21.
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  ESTP
<---  PASV
<---  EPSV
<---  SPSV
<---  ESTA
<---  AUTH TLS
<---  PBSZ
<---  PROT
<---  UTF8
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@example.com OK. Password required
<--- 230-Your bandwidth usage is restricted
<--- 230-User user1@example.com has group access to:  vmail   
<--- 230-You must respect a 1:5 (UL/DL) ratio
<--- 230-OK. Current restricted directory is /
<--- 230-0 files used (0%) - authorized: 50 files
<--- 230 0 Kbytes used (0%) - authorized: 10240 Kb
<--- 257 "/" is your current location
<--- 227 Entering Passive Mode (127,0,0,1,32,58)
<--- 150 Accepted data connection
drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 .
drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 ..
-rw-------    1 500      vmail           0 Jun 10 16:16 .ftpquota


Troubleshooting

  • Enable OpenLDAP log

Open /usr/local/etc/openldap/slapd.conf and set correct values:

File: /usr/local/etc/openldap/slapd.conf
loglevel    256 # <-- change from 0 to 256

  • Restart service
Terminal:
# /usr/local/etc/rc.d/pure-ftpd restart
# /etc/rc.d/syslogd restart
# /usr/local/etc/rc.d/slapd restart
  • Monitor /var/log/xferlog and /var/log/openldap.log for troubleshooting.
Terminal:
# tail -0f /var/log/openldap.log
Feb  3 04:11:59 mail slapd[993]: conn=1002 fd=10 ACCEPT from IP=127.0.0.1:54551 (IP=0.0.0.0:389)
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=0 RESULT tag=97 err=0 text=
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=1 SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user1@example.com)(FTPStatus=enabled))"
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=1 SRCH attr=FTPHomeDir uidNumber FTPuid gidNumber FTPgid userPassword loginShell FTPStatus FTPQuotaFiles FTPQuotaMBytes FTPDownloadRatio FTPUploadRatio FTPDownloadBandwidth FTPUploadBandwidth
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=2 UNBIND
Feb  3 04:11:59 mail slapd[993]: conn=1002 fd=10 closed

# tail -0f /var/log/xferlog
Jan 31 13:38:15 mail pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 31 13:38:15 mail pure-ftpd: (?@127.0.0.1) [INFO] user1@example.com is now logged in
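As an added example (not from the page), here is a small Python analyser for slapd log lines like those above: it correlates the BIND result and the SEARCH RESULT of each conn= so that a failed bind (err=49, invalid credentials, typically a wrong LDAPBindPW) and a search returning nentries=0 (no PureFTPdUser entry, or FTPStatus not enabled) stand out from successful logins. The sample log is constructed: the page's conn=1002 session plus two invented connections, conn=1003 and conn=1004, showing the two failure cases.

```python
import re
from collections import defaultdict

# Constructed sample: the page's conn=1002 session, plus invented conn=1003
# (login without a PureFTPdUser entry) and conn=1004 (wrong bind password).
SAMPLE_LOG = """\
Feb  3 04:11:59 mail slapd[993]: conn=1002 fd=10 ACCEPT from IP=127.0.0.1:54551 (IP=0.0.0.0:389)
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=0 RESULT tag=97 err=0 text=
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=1 SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user1@example.com)(FTPStatus=enabled))"
Feb  3 04:11:59 mail slapd[993]: conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb  3 04:12:30 mail slapd[993]: conn=1003 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Feb  3 04:12:30 mail slapd[993]: conn=1003 op=0 RESULT tag=97 err=0 text=
Feb  3 04:12:30 mail slapd[993]: conn=1003 op=1 SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user3@example.com)(FTPStatus=enabled))"
Feb  3 04:12:30 mail slapd[993]: conn=1003 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Feb  3 04:12:45 mail slapd[993]: conn=1004 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Feb  3 04:12:45 mail slapd[993]: conn=1004 op=0 RESULT tag=97 err=49 text=
"""

OP_RE = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$")
MAIL_RE = re.compile(r"\(mail=([^)]*)\)")

def analyse_slapd_log(text):
    """Return (conn, verdict, detail) per connection: ok / no-ftp-entry / bind-failed."""
    conns = defaultdict(dict)
    for line in text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue  # ACCEPT / closed lines carry no op= and are skipped
        c, rest = conns[m["conn"]], m["rest"]
        if rest.startswith("BIND dn="):
            c["bind_dn"] = rest.split('"')[1]
        elif rest.startswith("RESULT ") and "tag=97" in rest:  # tag=97 is the bind response
            c["bind_err"] = int(re.search(r"err=(\d+)", rest)[1])
        elif rest.startswith("SRCH base="):
            mm = MAIL_RE.search(rest)
            c["login"] = mm[1] if mm else None  # the login pure-ftpd substituted for \L
        elif rest.startswith("SEARCH RESULT"):
            c["nentries"] = int(re.search(r"nentries=(\d+)", rest)[1])
    findings = []
    for conn, c in sorted(conns.items(), key=lambda kv: int(kv[0])):
        if c.get("bind_err", 0) != 0:
            findings.append((conn, "bind-failed", "err=%d for %s" % (c["bind_err"], c.get("bind_dn"))))
        elif c.get("nentries") == 0:
            findings.append((conn, "no-ftp-entry", c.get("login")))
        elif c.get("nentries"):
            findings.append((conn, "ok", c.get("login")))
    return findings

if __name__ == "__main__":
    print(analyse_slapd_log(SAMPLE_LOG))
```

To run it against the live file, replace SAMPLE_LOG with the contents of /var/log/openldap.log after loglevel 256 is set.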
