Typo in pureftpd.openldap.centos.html.

Zhang Huangbin 2016-04-19 00:30:23 +08:00
parent 7de73c0db2
commit 581979d4c1
2 changed files with 84 additions and 66 deletions

View File

@ -12,12 +12,10 @@ Install PureFTPD from EPEL yum repo:
## Use a proper LDAP bind dn/password to query accounts
iRedMail generates a LDAP bind dn `cn=vmail,dc=xxx,dc=xxx` with read-only
access to all mail accounts, we use it in ejabberd to query accounts.
iRedMail generates a read-only LDAP bind dn `cn=vmail,dc=xxx,dc=xxx` during
installation, so it's perfect to query user accounts with this dn.
Password of `cn=vmail,dc=xxx,dc=xxx` was generated randomly during iRedMail
installation, you can find the full dn and password in
`/etc/postfix/ldap/catchall_maps.cf`:
You can find the full dn and password in `/etc/postfix/ldap/catchall_maps.cf`:
```
# grep 'bind_' /etc/postfix/ldap/catchall_maps.cf
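Review bot: the rewritten paragraph drops the statement that the `cn=vmail` password is generated randomly at install time, which is the reason the reader has to look it up in `/etc/postfix/ldap/catchall_maps.cf` instead of copying it from the page; keep that clause, e.g. "iRedMail generates a read-only LDAP bind dn `cn=vmail,dc=xxx,dc=xxx` with a random password during installation". "so it's perfect to query user accounts with this dn" is informal; "so it is suitable for querying user accounts" reads better. Consider also replacing the literal `bind_pw` value in the sample output with a placeholder so nobody pastes it into a real configuration.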
@ -27,31 +25,32 @@ bind_pw = InYTi8qGjamTb6Me2ESwbb6rxQUs5y
## Configure the LDAP setting for PureFTPD
* Open `/etc/pure-ftpd/pureftpd-ldap.conf` and update below parameters:
* Open `/etc/pure-ftpd/pureftpd-ldap.conf` and update parameters below:
```
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y # cn=vmail password
LDAPDefaultUID 2000 # <- UID of `vmail` user.
LDAPDefaultGID 2000 # <- GID of `vmail` user.
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir # <- New LDAP attribute, we will add it later.
LDAPVersion 3
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y # cn=vmail password
LDAPDefaultUID 2000 # <- UID of `vmail` user.
LDAPDefaultGID 2000 # <- GID of `vmail` user.
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir # <- New LDAP attribute, we will add it later.
LDAPVersion 3
```
## Config OpenLDAP
* Get the schema modify by iredmail
* Get the schema modified by iredmail, it adds a new attribute `FTPHomeDir` to
store per-user FTP home directory. Default schema uses `homeDirectory`.
```
# wget https://bitbucket.org/zhb/iredmail/raw/default/extra/samples/pureftpd.schema
# mv pureftpd.schema /etc/openldap/schema/
# mv pureftpd.schema /etc/openldap/schema/
```
* Open `/etc/openldap/slapd.conf`, include `pureftpd.schema` after `iredmail.schema`:
* Update `/etc/openldap/slapd.conf`, include `pureftpd.schema` after `iredmail.schema`:
```
include /etc/openldap/schema/iredmail.schema
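Review bot: `LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y # cn=vmail password` puts a trailing `#` comment inside `pureftpd-ldap.conf`; unless pure-ftpd's LDAP config parser is known to strip trailing comments, the bind password read from that file is the whole remainder of the line and every LDAP bind fails, so move the annotations (`# <- UID of vmail user.` and the others) onto their own lines above the settings they describe. Minor: "Get the schema modified by iredmail, it adds a new attribute ..." is a comma splice ("Get the schema modified by iRedMail. It adds a new attribute `FTPHomeDir` ..."), and the two identical `# mv pureftpd.schema /etc/openldap/schema/` lines look like a whitespace-only change that could be dropped from the commit.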
@ -72,7 +71,7 @@ index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres
## Create FTP Home Directory
We're going to store all FTP data under `/home/ftp/` directory, so let's create
`/home/ftp/` now, owner must be `root` user.
`/home/ftp/` first, directory owner MUST be `root` user.
```
# mkdir /home/ftp/
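Review bot: "directory owner MUST be `root` user" states a hard requirement without saying why; add the reason and the expected permissions (the `ls -dl` output that follows shows `drwxr-xr-x root root`), otherwise an admin who later finds `vmail`-owned files beneath it will chown the base directory to `vmail` and undo the requirement without knowing what it protected.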
@ -82,7 +81,7 @@ drwxr-xr-x 3 root root 4096 Jun 7 20:18 /home/ftp/
## Restart OpenLDAP and Pure-FTPD Service
Make sure pure-ftpd is running:
Restart Pure-FTPd and OpenLDAP services:
```
# /etc/init.d/ldap restart
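Review bot: this hunk keeps `/etc/init.d/ldap restart` while the iptables, pure-ftpd and rsyslog hunks further down convert to `service <name> restart`; make the restart commands consistent. The order shown (slapd first, then pure-ftpd) is the right one because `pureftpd.schema` has just been added to `slapd.conf`, so say explicitly that slapd must be restarted and confirmed running before any FTP login is attempted, rather than leaving the order implicit.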
@ -95,17 +94,22 @@ tcp 0 0 :::21 :::* LISTEN 2062/pure-ftpd (SERVER)
## Add LDAP FTP attributes and values for new user
use the iredmail tools quick create the user include the PureFTP attributes and values.
With script shipped in iRedMail, you can quickly create NEW mail user which
has pureftpd service support.
* Open `/iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh` and set correct values:
* Open file `tools/create_mail_user_OpenLDAP.sh` under your iRedMail directory
(e.g. `/root/iRedMail-0.9.4/tools/create_mail_user_OpenLDAP.sh`), update
paraemters below with correct values:
```
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix
BINDPW='passwd' # <- Password for the bind dn `cn=Manager,dc=example,dc=com`
PUREFTPD_INTEGRATION='YES' # <- Change to YES, enable the pureftp inteegration
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix
BINDPW='passwd' # <- Password for the bind dn `cn=Manager,dc=example,dc=com`
PUREFTPD_INTEGRATION='YES' # <- Set to 'YES' to enable the pureftp inteegration
FTP_STORAGE_BASE_DIRECTORY='/home/ftp' # <- Change it to the ftp home directory
```
* Run the script to create a new user `user1@example.com`. The default password is same as user name (`user1`) by default.
* Run the script to create a new user `user1@example.com`. The default
password is same as user name (`user1`) by default.
```
# bash create_mail_user_OpenLDAP.sh example.com user1
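Review bot: for a commit titled "Typo in ...", the new text still contains two: "paraemters" should be "parameters" and "inteegration" should be "integration" (the latter was in the old line as well). "The default password is same as user name (`user1`) by default" says "default" twice; "The password defaults to the user name (`user1`)" is enough, and it should be followed by an instruction to change that password before handing the account over, since the same credential now grants both mailbox and FTP access.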
@ -119,6 +123,8 @@ ldapadd: Already exists (68)
adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
```
You can now login to both webmail and FTP service as this user.
## Configure iptables
iRedMail doesn't open port 20 and 21 by default, you must open them first.
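Review bot: the sample output kept in the hunk context shows `ldapadd: Already exists (68)` immediately before the "adding new entry ..." success line; if that error is expected (an existing parent entry being re-added), say so next to the new "You can now login ..." sentence, otherwise readers will assume the run failed. Also "login" as a verb should be "log in".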
@ -133,12 +139,16 @@ iRedMail doesn't open port 20 and 21 by default, you must open them first.
* Restart the iptables service
```
# /etc/init.d/iptables restart
# service iptables restart
```
## Testing
You can use windows FTP client or Linux ftp client (e.g. command line ftp client `lftp` or GUI client `FileZilla`) for testing.
You can use windows FTP client or Linux ftp client (e.g. command line ftp
client `lftp` or GUI client [`FileZilla`](https://filezilla-project.org)) for
testing.
We use `lftp` for testing below:
```
$ lftp localhost
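Review bot: the test that follows uses `$ lftp localhost`, which connects over loopback and never exercises the iptables rules this section just opened for ports 20 and 21; add a sentence telling the reader to repeat the `lftp` test from another host to verify the firewall change. Minor: "windows" should be "Windows", and `FileZilla` is listed under "Linux ftp client" although it is a cross-platform client.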
@ -194,10 +204,10 @@ Enable verbose log in pure-ftpd
* Open `/etc/pure-ftpd/pure-ftpd.conf` and set correct values:
```
VerboseLog yes # <-- change form no to yes
VerboseLog yes # <-- change from no to yes
```
* Open `/etc/syslog.conf` and set correct values:
* Open `/etc/rsyslog.conf` and set correct values:
```
ftp.* -/var/log/pureftpd.log # <-- Add entry
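Review bot: the `ftp.* -/var/log/pureftpd.log` selector only catches pure-ftpd messages if `SyslogFacility` in `/etc/pure-ftpd/pure-ftpd.conf` is left at its default `ftp`; since the reader is already editing that file for `VerboseLog`, add a line pointing that out. The leading `-` on the file name tells rsyslog to write asynchronously, which is fine for a troubleshooting log but means the last lines before a crash can be lost; worth a short note. "set correct values" is vague in both bullets; "enable verbose logging" and "add the following line" say what is actually done.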
@ -206,8 +216,8 @@ ftp.* -/var/log/pureftpd.log # <-- Add entry
* Restart services
```
#/etc/init.d/pure-ftpd restart
#/etc/init.d/syslog restart
# service pure-ftpd restart
# service rsyslog restart
```
Monitor `/var/log/pureftpd.log` for troubleshooting:

View File

@ -32,11 +32,9 @@
</code></pre>
<h2 id="use-a-proper-ldap-bind-dnpassword-to-query-accounts">Use a proper LDAP bind dn/password to query accounts</h2>
<p>iRedMail generates a LDAP bind dn <code>cn=vmail,dc=xxx,dc=xxx</code> with read-only
access to all mail accounts, we use it in ejabberd to query accounts.</p>
<p>Password of <code>cn=vmail,dc=xxx,dc=xxx</code> was generated randomly during iRedMail
installation, you can find the full dn and password in
<code>/etc/postfix/ldap/catchall_maps.cf</code>:</p>
<p>iRedMail generates a read-only LDAP bind dn <code>cn=vmail,dc=xxx,dc=xxx</code> during
installation, so it's perfect to query user accounts with this dn.</p>
<p>You can find the full dn and password in <code>/etc/postfix/ldap/catchall_maps.cf</code>:</p>
<pre><code># grep 'bind_' /etc/postfix/ldap/catchall_maps.cf
bind_dn = cn=vmail,dc=example,dc=com
bind_pw = InYTi8qGjamTb6Me2ESwbb6rxQUs5y
@ -44,30 +42,31 @@ bind_pw = InYTi8qGjamTb6Me2ESwbb6rxQUs5y
<h2 id="configure-the-ldap-setting-for-pureftpd">Configure the LDAP setting for PureFTPD</h2>
<ul>
<li>Open <code>/etc/pure-ftpd/pureftpd-ldap.conf</code> and update below parameters:</li>
<li>Open <code>/etc/pure-ftpd/pureftpd-ldap.conf</code> and update parameters below:</li>
</ul>
<pre><code>LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y # cn=vmail password
LDAPDefaultUID 2000 # &lt;- UID of `vmail` user.
LDAPDefaultGID 2000 # &lt;- GID of `vmail` user.
LDAPFilter (&amp;(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir # &lt;- New LDAP attribute, we will add it later.
LDAPVersion 3
<pre><code>LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y # cn=vmail password
LDAPDefaultUID 2000 # &lt;- UID of `vmail` user.
LDAPDefaultGID 2000 # &lt;- GID of `vmail` user.
LDAPFilter (&amp;(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir # &lt;- New LDAP attribute, we will add it later.
LDAPVersion 3
</code></pre>
<h2 id="config-openldap">Config OpenLDAP</h2>
<ul>
<li>Get the schema modify by iredmail</li>
<li>Get the schema modified by iredmail, it adds a new attribute <code>FTPHomeDir</code> to
store per-user FTP home directory. Default schema uses <code>homeDirectory</code>.</li>
</ul>
<pre><code># wget https://bitbucket.org/zhb/iredmail/raw/default/extra/samples/pureftpd.schema
# mv pureftpd.schema /etc/openldap/schema/
# mv pureftpd.schema /etc/openldap/schema/
</code></pre>
<ul>
<li>Open <code>/etc/openldap/slapd.conf</code>, include <code>pureftpd.schema</code> after <code>iredmail.schema</code>:</li>
<li>Update <code>/etc/openldap/slapd.conf</code>, include <code>pureftpd.schema</code> after <code>iredmail.schema</code>:</li>
</ul>
<pre><code>include /etc/openldap/schema/iredmail.schema
include /etc/openldap/schema/pureftpd.schema # &lt;-- Add this line.
@ -86,14 +85,14 @@ index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres
<h2 id="create-ftp-home-directory">Create FTP Home Directory</h2>
<p>We're going to store all FTP data under <code>/home/ftp/</code> directory, so let's create
<code>/home/ftp/</code> now, owner must be <code>root</code> user.</p>
<code>/home/ftp/</code> first, directory owner MUST be <code>root</code> user.</p>
<pre><code># mkdir /home/ftp/
# ls -dl /home/ftp
drwxr-xr-x 3 root root 4096 Jun 7 20:18 /home/ftp/
</code></pre>
<h2 id="restart-openldap-and-pure-ftpd-service">Restart OpenLDAP and Pure-FTPD Service</h2>
<p>Make sure pure-ftpd is running:</p>
<p>Restart Pure-FTPd and OpenLDAP services:</p>
<pre><code># /etc/init.d/ldap restart
# /etc/init.d/pure-ftpd restart
@ -103,17 +102,22 @@ tcp 0 0 :::21 :::* LISTEN 2062/pure-ftpd (SERVER)
</code></pre>
<h2 id="add-ldap-ftp-attributes-and-values-for-new-user">Add LDAP FTP attributes and values for new user</h2>
<p>use the iredmail tools quick create the user include the PureFTP attributes and values.</p>
<p>With script shipped in iRedMail, you can quickly create NEW mail user which
has pureftpd service support.</p>
<ul>
<li>Open <code>/iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh</code> and set correct values:</li>
<li>Open file <code>tools/create_mail_user_OpenLDAP.sh</code> under your iRedMail directory
(e.g. <code>/root/iRedMail-0.9.4/tools/create_mail_user_OpenLDAP.sh</code>), update
paraemters below with correct values:</li>
</ul>
<pre><code>LDAP_SUFFIX=&quot;dc=example,dc=com&quot; # &lt;- Change the LDAP suffix
BINDPW='passwd' # &lt;- Password for the bind dn `cn=Manager,dc=example,dc=com`
PUREFTPD_INTEGRATION='YES' # &lt;- Change to YES, enable the pureftp inteegration
<pre><code>LDAP_SUFFIX=&quot;dc=example,dc=com&quot; # &lt;- Change the LDAP suffix
BINDPW='passwd' # &lt;- Password for the bind dn `cn=Manager,dc=example,dc=com`
PUREFTPD_INTEGRATION='YES' # &lt;- Set to 'YES' to enable the pureftp inteegration
FTP_STORAGE_BASE_DIRECTORY='/home/ftp' # &lt;- Change it to the ftp home directory
</code></pre>
<ul>
<li>Run the script to create a new user <code>user1@example.com</code>. The default password is same as user name (<code>user1</code>) by default.</li>
<li>Run the script to create a new user <code>user1@example.com</code>. The default
password is same as user name (<code>user1</code>) by default.</li>
</ul>
<pre><code># bash create_mail_user_OpenLDAP.sh example.com user1
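Review bot: the rendered HTML carries the same two typos as the markdown source, "paraemters" in the `<li>` and "inteegration" in the `<pre>` block; if the `.html` is generated from the `.md` (the hunk offsets line up one for one), fix them in the markdown and regenerate rather than editing both by hand, otherwise the two files will drift.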
@ -126,6 +130,7 @@ ldapadd: Already exists (68)
adding new entry &quot;mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com&quot;
</code></pre>
<p>You can now login to both webmail and FTP service as this user.</p>
<h2 id="configure-iptables">Configure iptables</h2>
<p>iRedMail doesn't open port 20 and 21 by default, you must open them first.</p>
<ul>
@ -138,11 +143,14 @@ adding new entry &quot;mail=user1@example.com,ou=Users,domainName=example.com,o=
<ul>
<li>Restart the iptables service</li>
</ul>
<pre><code># /etc/init.d/iptables restart
<pre><code># service iptables restart
</code></pre>
<h2 id="testing">Testing</h2>
<p>You can use windows FTP client or Linux ftp client (e.g. command line ftp client <code>lftp</code> or GUI client <code>FileZilla</code>) for testing.</p>
<p>You can use windows FTP client or Linux ftp client (e.g. command line ftp
client <code>lftp</code> or GUI client <a href="https://filezilla-project.org"><code>FileZilla</code></a>) for
testing.</p>
<p>We use <code>lftp</code> for testing below:</p>
<pre><code>$ lftp localhost
localhost:~&gt; debug 4
localhost:~&gt; login user1@example.com user1 # &lt;-- input the username and password
@ -194,11 +202,11 @@ drwxr-xr-x 2 500 vmail 4096 Jun 10 16:16 ..
<ul>
<li>Open <code>/etc/pure-ftpd/pure-ftpd.conf</code> and set correct values:</li>
</ul>
<pre><code>VerboseLog yes # &lt;-- change form no to yes
<pre><code>VerboseLog yes # &lt;-- change from no to yes
</code></pre>
<ul>
<li>Open <code>/etc/syslog.conf</code> and set correct values:</li>
<li>Open <code>/etc/rsyslog.conf</code> and set correct values:</li>
</ul>
<pre><code>ftp.* -/var/log/pureftpd.log # &lt;-- Add entry
</code></pre>
@ -206,8 +214,8 @@ drwxr-xr-x 2 500 vmail 4096 Jun 10 16:16 ..
<ul>
<li>Restart services</li>
</ul>
<pre><code>#/etc/init.d/pure-ftpd restart
#/etc/init.d/syslog restart
<pre><code># service pure-ftpd restart
# service rsyslog restart
</code></pre>
<p>Monitor <code>/var/log/pureftpd.log</code> for troubleshooting:</p>