diff --git a/en_US/integrations/0-pureftpd.openldap.centos.md b/en_US/integrations/0-pureftpd.openldap.centos.md index a13f5aea..ec3d410d 100644 --- a/en_US/integrations/0-pureftpd.openldap.centos.md +++ b/en_US/integrations/0-pureftpd.openldap.centos.md @@ -12,12 +12,10 @@ Install PureFTPD from EPEL yum repo: ## Use a proper LDAP bind dn/password to query accounts -iRedMail generates a LDAP bind dn `cn=vmail,dc=xxx,dc=xxx` with read-only -access to all mail accounts, we use it in ejabberd to query accounts. +iRedMail generates a read-only LDAP bind dn `cn=vmail,dc=xxx,dc=xxx` during +installation, so it's perfect to query user accounts with this dn. -Password of `cn=vmail,dc=xxx,dc=xxx` was generated randomly during iRedMail -installation, you can find the full dn and password in -`/etc/postfix/ldap/catchall_maps.cf`: +You can find the full dn and password in `/etc/postfix/ldap/catchall_maps.cf`: ``` # grep 'bind_' /etc/postfix/ldap/catchall_maps.cf @@ -27,31 +25,32 @@ bind_pw = InYTi8qGjamTb6Me2ESwbb6rxQUs5y ## Configure the LDAP setting for PureFTPD -* Open `/etc/pure-ftpd/pureftpd-ldap.conf` and update below parameters: +* Open `/etc/pure-ftpd/pureftpd-ldap.conf` and update parameters below: ``` -LDAPServer localhost -LDAPPort 389 -LDAPBaseDN o=domains,dc=example,dc=com -LDAPBindDN cn=vmail,dc=example,dc=com -LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y # cn=vmail password -LDAPDefaultUID 2000 # <- UID of `vmail` user. -LDAPDefaultGID 2000 # <- GID of `vmail` user. -LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled)) -LDAPHomeDir FTPHomeDir # <- New LDAP attribute, we will add it later. -LDAPVersion 3 +LDAPServer localhost +LDAPPort 389 +LDAPBaseDN o=domains,dc=example,dc=com +LDAPBindDN cn=vmail,dc=example,dc=com +LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y # cn=vmail password +LDAPDefaultUID 2000 # <- UID of `vmail` user. +LDAPDefaultGID 2000 # <- GID of `vmail` user. +LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled)) +LDAPHomeDir FTPHomeDir # <- New LDAP attribute, we will add it later. +LDAPVersion 3 ``` ## Config OpenLDAP -* Get the schema modify by iredmail +* Get the schema modified by iredmail, it adds a new attribute `FTPHomeDir` to + store per-user FTP home directory. Default schema uses `homeDirectory`. ``` # wget https://bitbucket.org/zhb/iredmail/raw/default/extra/samples/pureftpd.schema -# mv pureftpd.schema /etc/openldap/schema/ +# mv pureftpd.schema /etc/openldap/schema/ ``` -* Open `/etc/openldap/slapd.conf`, include `pureftpd.schema` after `iredmail.schema`: +* Update `/etc/openldap/slapd.conf`, include `pureftpd.schema` after `iredmail.schema`: ``` include /etc/openldap/schema/iredmail.schema @@ -72,7 +71,7 @@ index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres ## Create FTP Home Directory We're going to store all FTP data under `/home/ftp/` directory, so let's create -`/home/ftp/` now, owner must be `root` user. +`/home/ftp/` first, directory owner MUST be `root` user. ``` # mkdir /home/ftp/ @@ -82,7 +81,7 @@ drwxr-xr-x 3 root root 4096 Jun 7 20:18 /home/ftp/ ## Restart OpenLDAP and Pure-FTPD Service -Make sure pure-ftpd is running: +Restart Pure-FTPd and OpenLDAP services: ``` # /etc/init.d/ldap restart @@ -95,17 +94,22 @@ tcp 0 0 :::21 :::* LISTEN 2062/pure-ftpd (SERVER) ## Add LDAP FTP attributes and values for new user -use the iredmail tools quick create the user include the PureFTP attributes and values. +With script shipped in iRedMail, you can quickly create NEW mail user which +has pureftpd service support. -* Open `/iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh` and set correct values: +* Open file `tools/create_mail_user_OpenLDAP.sh` under your iRedMail directory + (e.g. `/root/iRedMail-0.9.4/tools/create_mail_user_OpenLDAP.sh`), update + paraemters below with correct values: ``` -LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix -BINDPW='passwd' # <- Password for the bind dn `cn=Manager,dc=example,dc=com` -PUREFTPD_INTEGRATION='YES' # <- Change to YES, enable the pureftp inteegration +LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix +BINDPW='passwd' # <- Password for the bind dn `cn=Manager,dc=example,dc=com` +PUREFTPD_INTEGRATION='YES' # <- Set to 'YES' to enable the pureftp inteegration +FTP_STORAGE_BASE_DIRECTORY='/home/ftp' # <- Change it to the ftp home directory ``` -* Run the script to create a new user `user1@example.com`. The default password is same as user name (`user1`) by default. +* Run the script to create a new user `user1@example.com`. The default + password is same as user name (`user1`) by default. ``` # bash create_mail_user_OpenLDAP.sh example.com user1 @@ -119,6 +123,8 @@ ldapadd: Already exists (68) adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com" ``` +You can now login to both webmail and FTP service as this user. + ## Configure iptables iRedMail doesn't open port 20 and 21 by default, you must open them first. @@ -133,12 +139,16 @@ iRedMail doesn't open port 20 and 21 by default, you must open them first. * Restart the iptables service ``` -# /etc/init.d/iptables restart +# service iptables restart ``` ## Testing -You can use windows FTP client or Linux ftp client (e.g. command line ftp client `lftp` or GUI client `FileZilla`) for testing. +You can use windows FTP client or Linux ftp client (e.g. command line ftp +client `lftp` or GUI client [`FileZilla`](https://filezilla-project.org)) for +testing. + +We use `lftp` for testing below: ``` $ lftp localhost @@ -194,10 +204,10 @@ Enable verbose log in pure-ftpd * Open `/etc/pure-ftpd/pure-ftpd.conf` and set correct values: ``` -VerboseLog yes # <-- change form no to yes +VerboseLog yes # <-- change from no to yes ``` -* Open `/etc/syslog.conf` and set correct values: +* Open `/etc/rsyslog.conf` and set correct values: ``` ftp.* -/var/log/pureftpd.log # <-- Add entry @@ -206,8 +216,8 @@ ftp.* -/var/log/pureftpd.log # <-- Add entry * Restart services ``` -#/etc/init.d/pure-ftpd restart -#/etc/init.d/syslog restart +# service pure-ftpd restart +# service rsyslog restart ``` Monitor `/var/log/pureftpd.log` for troubleshooting: diff --git a/html/pureftpd.openldap.centos.html b/html/pureftpd.openldap.centos.html index c6995a25..9b56bf52 100644 --- a/html/pureftpd.openldap.centos.html +++ b/html/pureftpd.openldap.centos.html @@ -32,11 +32,9 @@

Use a proper LDAP bind dn/password to query accounts

-

iRedMail generates a LDAP bind dn cn=vmail,dc=xxx,dc=xxx with read-only -access to all mail accounts, we use it in ejabberd to query accounts.

-

Password of cn=vmail,dc=xxx,dc=xxx was generated randomly during iRedMail -installation, you can find the full dn and password in -/etc/postfix/ldap/catchall_maps.cf:

+

iRedMail generates a read-only LDAP bind dn cn=vmail,dc=xxx,dc=xxx during +installation, so it's perfect to query user accounts with this dn.

+

You can find the full dn and password in /etc/postfix/ldap/catchall_maps.cf:

# grep 'bind_' /etc/postfix/ldap/catchall_maps.cf
 bind_dn         = cn=vmail,dc=example,dc=com
 bind_pw         = InYTi8qGjamTb6Me2ESwbb6rxQUs5y
@@ -44,30 +42,31 @@ bind_pw         = InYTi8qGjamTb6Me2ESwbb6rxQUs5y
 
 
Configure the LDAP setting for PureFTPD

 
-
LDAPServer localhost
-LDAPPort 389
-LDAPBaseDN o=domains,dc=example,dc=com
-LDAPBindDN cn=vmail,dc=example,dc=com
-LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y       # cn=vmail password 
-LDAPDefaultUID 2000                             # <- UID of `vmail` user.
-LDAPDefaultGID 2000                             # <- GID of `vmail` user.
-LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
-LDAPHomeDir FTPHomeDir                          # <- New LDAP attribute, we will add it later.
-LDAPVersion 3
+
LDAPServer      localhost
+LDAPPort        389
+LDAPBaseDN      o=domains,dc=example,dc=com
+LDAPBindDN      cn=vmail,dc=example,dc=com
+LDAPBindPW      InYTi8qGjamTb6Me2ESwbb6rxQUs5y   # cn=vmail password 
+LDAPDefaultUID  2000                             # <- UID of `vmail` user.
+LDAPDefaultGID  2000                             # <- GID of `vmail` user.
+LDAPFilter      (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
+LDAPHomeDir     FTPHomeDir                       # <- New LDAP attribute, we will add it later.
+LDAPVersion     3
 

 
 
Config OpenLDAP

 
    
-
  • Get the schema modify by iredmail
    • 
+
  • Get the schema modified by iredmail, it adds a new attribute FTPHomeDir to
+  store per-user FTP home directory. Default schema uses homeDirectory.
    • 
 

 
# wget https://bitbucket.org/zhb/iredmail/raw/default/extra/samples/pureftpd.schema
-# mv pureftpd.schema /etc/openldap/schema/ 
+# mv pureftpd.schema /etc/openldap/schema/
 

 
 
    
-
  • Open /etc/openldap/slapd.conf, include pureftpd.schema after iredmail.schema:
    • 
+
  • Update /etc/openldap/slapd.conf, include pureftpd.schema after iredmail.schema:
    • 
 

 
include /etc/openldap/schema/iredmail.schema
 include /etc/openldap/schema/pureftpd.schema    # <-- Add this line.
@@ -86,14 +85,14 @@ index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres
 
 
Create FTP Home Directory

 
We're going to store all FTP data under /home/ftp/ directory, so let's create
-/home/ftp/ now, owner must be root user.

+/home/ftp/ first, directory owner MUST be root user.

 
# mkdir /home/ftp/
 # ls -dl /home/ftp
 drwxr-xr-x 3 root root 4096 Jun  7 20:18 /home/ftp/
 

 
 
Restart OpenLDAP and Pure-FTPD Service

-
Make sure pure-ftpd is running:

+
Restart Pure-FTPd and OpenLDAP services:

 
# /etc/init.d/ldap restart
 # /etc/init.d/pure-ftpd restart 
 
@@ -103,17 +102,22 @@ tcp 0   0 :::21         :::*        LISTEN  2062/pure-ftpd (SERVER)
 

 
 
Add LDAP FTP attributes and values for new user

-
use the iredmail tools quick create the user include the PureFTP attributes and values.

+
With script shipped in iRedMail, you can quickly create NEW mail user which
+has pureftpd service support.

 
    
-
  • Open /iRedMail-x.y.z/tools/create_mail_user_OpenLDAP.sh and set correct values:
    • 
+
  • Open file tools/create_mail_user_OpenLDAP.sh under your iRedMail directory
+  (e.g. /root/iRedMail-0.9.4/tools/create_mail_user_OpenLDAP.sh), update
+  paraemters below with correct values:
    • 
 

-
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix 
-BINDPW='passwd'                 # <- Password for the bind dn `cn=Manager,dc=example,dc=com`
-PUREFTPD_INTEGRATION='YES'      # <- Change to YES, enable the pureftp inteegration
+
LDAP_SUFFIX="dc=example,dc=com"         # <- Change the LDAP suffix 
+BINDPW='passwd'                         # <- Password for the bind dn `cn=Manager,dc=example,dc=com`
+PUREFTPD_INTEGRATION='YES'              # <- Set to 'YES' to enable the pureftp inteegration
+FTP_STORAGE_BASE_DIRECTORY='/home/ftp'  # <- Change it to the ftp home directory
 

 
 
    
-
  • Run the script to create a new user user1@example.com. The default password is same as user name (user1) by default.
    • 
+
  • Run the script to create a new user user1@example.com. The default
+  password is same as user name (user1) by default.
    • 
 

 
# bash create_mail_user_OpenLDAP.sh example.com user1
 
@@ -126,6 +130,7 @@ ldapadd: Already exists (68)
 adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
 

 
+
You can now login to both webmail and FTP service as this user.

 
Configure iptables

 
iRedMail doesn't open port 20 and 21 by default, you must open them first.

 
    
@@ -138,11 +143,14 @@ adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=
 
      
 
    • Restart the iptables service
      • 
 
    
-
    # /etc/init.d/iptables restart 
+
    # service iptables restart 
 
    
 
 
    Testing
    
-
    You can use windows FTP client or Linux ftp client (e.g. command line ftp client lftp or GUI client FileZilla) for testing.
    
+
    You can use windows FTP client or Linux ftp client (e.g. command line ftp
+client lftp or GUI client FileZilla) for
+testing.
    
+
    We use lftp for testing below:
    
 
    $ lftp localhost
 localhost:~> debug 4
 localhost:~> login user1@example.com user1 # <-- input the username and password
@@ -194,11 +202,11 @@ drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 ..
 
      
 
    • Open /etc/pure-ftpd/pure-ftpd.conf  and set correct values:
      • 
 
    
-
    VerboseLog                  yes # <-- change form no to yes 
+
    VerboseLog                  yes # <-- change from no to yes
 
    
 
 
      
-
    • Open /etc/syslog.conf and set correct values:
      • 
+
    • Open /etc/rsyslog.conf and set correct values:
      • 
 
    
 
    ftp.*                       -/var/log/pureftpd.log # <-- Add entry
 
    
@@ -206,8 +214,8 @@ drwxr-xr-x    2 500      vmail        4096 Jun 10 16:16 ..
 
      
 
    • Restart services
      • 
 
    
-
    #/etc/init.d/pure-ftpd restart
-#/etc/init.d/syslog restart
+
    # service pure-ftpd restart
+# service rsyslog restart
 
    
 
 
    Monitor /var/log/pureftpd.log for troubleshooting: