Install Pure-FTPd from the EPEL yum repo:
# yum install pure-ftpd
iRedMail generates a read-only LDAP bind dn, cn=vmail,dc=xxx,dc=xxx, during installation, so it is ideal for querying user accounts. You can find the full dn and password in /etc/postfix/ldap/catchall_maps.cf:
# grep 'bind_' /etc/postfix/ldap/catchall_maps.cf
bind_dn = cn=vmail,dc=example,dc=com
bind_pw = InYTi8qGjamTb6Me2ESwbb6rxQUs5y
Edit /etc/pure-ftpd/pureftpd-ldap.conf and update the parameters below:
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y # cn=vmail password
LDAPDefaultUID 2000 # <- UID of `vmail` user.
LDAPDefaultGID 2000 # <- GID of `vmail` user.
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir # <- New LDAP attribute, we will add it later.
LDAPVersion 3
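The lookup configuration above is where most of the security of this setup lives: the LDAPFilter decides which entries may log in at all, and LDAPDefaultUID/GID decide which local identity the FTP session runs as. The following lint, added here as an example and not part of iRedMail or Pure-FTPd, parses a pureftpd-ldap.conf and reports settings that weaken it. PAGE_CONF is the configuration from this page; WEAK_CONF is a constructed counter-example. It takes the first whitespace-delimited token after each key as the value, an assumption about the file format that holds for every line on this page.

```python
"""Lint a pureftpd-ldap.conf for settings that weaken the LDAP lookup.

Added example, not part of iRedMail or Pure-FTPd.  PAGE_CONF is the
configuration from this page; WEAK_CONF is constructed.  Values are taken
as the first whitespace-delimited token after the key (an assumption about
the format that holds for every line on this page)."""

PAGE_CONF = r"""
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW InYTi8qGjamTb6Me2ESwbb6rxQUs5y # cn=vmail password
LDAPDefaultUID 2000 # <- UID of `vmail` user.
LDAPDefaultGID 2000 # <- GID of `vmail` user.
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir
LDAPVersion 3
"""

# Constructed weak variant: remote plaintext directory, empty bind password,
# root uid/gid, a filter that ignores FTPStatus, protocol version 2.
WEAK_CONF = r"""
LDAPServer ldap.example.com
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW
LDAPDefaultUID 0
LDAPDefaultGID 0
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L))
LDAPHomeDir FTPHomeDir
LDAPVersion 2
"""

LOOPBACK = ("localhost", "127.0.0.1", "::1")


def parse_conf(text):
    """Return {key: value}; blank lines and lines starting with '#' are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        tokens = parts[1].split() if len(parts) > 1 else []
        conf[parts[0]] = tokens[0] if tokens else ""
    return conf


def lint(text):
    """Return a list of (key, problem) tuples; an empty list means no finding."""
    c = parse_conf(text)
    findings = []
    filt = c.get("LDAPFilter", "")
    if "(FTPStatus=enabled)" not in filt:
        findings.append(("LDAPFilter", "does not require FTPStatus=enabled, so disabled accounts can still log in"))
    if "\\L" not in filt:
        findings.append(("LDAPFilter", "has no \\L placeholder, so the login name is never matched"))
    if "objectClass=" not in filt:
        findings.append(("LDAPFilter", "is not restricted to an objectClass"))
    for key in ("LDAPDefaultUID", "LDAPDefaultGID"):
        value = c.get(key, "")
        if not value.isdigit() or int(value) == 0:
            findings.append((key, "must be the non-zero id of the vmail user, never 0 (root)"))
    if not c.get("LDAPBindPW"):
        findings.append(("LDAPBindPW", "bind password is empty, which means an anonymous bind"))
    if c.get("LDAPServer", "") not in LOOPBACK and c.get("LDAPPort", "389") != "636":
        findings.append(("LDAPServer", "directory is not on loopback, so the bind password and lookups cross the network in clear text"))
    if c.get("LDAPVersion") != "3":
        findings.append(("LDAPVersion", "should be 3"))
    return findings


if __name__ == "__main__":
    for key, problem in lint(WEAK_CONF):
        print("%s: %s" % (key, problem))
```

The page's configuration produces no findings; the constructed one produces six. Because the file carries the cn=vmail password in clear text, keep it owned by root with mode 0600 regardless of what the lint says.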
We use a new LDAP attribute, FTPHomeDir, to store the per-user FTP home directory (the default schema uses homeDirectory). Download pureftpd.schema from the iRedMail repository and copy it to /etc/openldap/schema/:
# wget https://bitbucket.org/zhb/iredmail/raw/default/extra/samples/pureftpd.schema
# mv pureftpd.schema /etc/openldap/schema/
Edit /etc/openldap/slapd.conf and include pureftpd.schema after iredmail.schema:
include /etc/openldap/schema/iredmail.schema
include /etc/openldap/schema/pureftpd.schema # <-- Add this line.
In /etc/openldap/slapd.conf, append the required indexes for the attributes defined in pureftpd.schema:
# Indexes for Pure-FTPd LDAP attributes.
index FTPQuotaFiles,FTPQuotaMBytes eq,pres
index FTPUploadRatio,FTPDownloadRatio eq,pres
index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres
We're going to store all FTP data under the /home/ftp/ directory, so let's create /home/ftp/ first. The directory owner MUST be the root user.
# mkdir /home/ftp/
# ls -dl /home/ftp
drwxr-xr-x 3 root root 4096 Jun 7 20:18 /home/ftp/
Restart Pure-FTPd and OpenLDAP services:
# /etc/init.d/ldap restart
# /etc/init.d/pure-ftpd restart
# netstat -ntlp | grep pure-ftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2062/pure-ftpd (SERVER)
tcp 0 0 :::21 :::* LISTEN 2062/pure-ftpd (SERVER)
With the script shipped in iRedMail, you can quickly create a NEW mail user with Pure-FTPd service support. Open tools/create_mail_user_OpenLDAP.sh under your iRedMail directory (e.g. /root/iRedMail-0.9.4/tools/create_mail_user_OpenLDAP.sh) and update the parameters below with correct values:
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix
BINDPW='passwd' # <- Password for the bind dn `cn=Manager,dc=example,dc=com`
PUREFTPD_INTEGRATION='YES' # <- Set to 'YES' to enable the Pure-FTPd integration
FTP_STORAGE_BASE_DIRECTORY='/home/ftp' # <- Change it to the ftp home directory
Now create a new user, user1@example.com. The default password is the same as the user name (user1).
# bash create_mail_user_OpenLDAP.sh example.com user1
adding new entry "ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Groups,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Aliases,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
You can now login to both webmail and FTP service as this user.
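The script above only covers brand-new accounts. For an existing mail user, FTP access is enabled by adding the PureFTPdUser object class and the attributes indexed earlier to the user's LDAP entry, and it is switched off again by setting FTPStatus to anything other than enabled, which the LDAPFilter then rejects. The following script, added here as an example and not part of iRedMail, generates the LDIF for both operations. The attribute names come from pureftpd.schema as indexed on this page; the quota and ratio defaults are assumptions chosen to mirror the limits printed in the lftp session further down (50 files, 10 MB, 1:5 UL/DL), and the <base>/<domain>/<user> home-directory layout is an assumption as well.

```python
"""Generate LDIF to enable or disable Pure-FTPd access for an existing
iRedMail user.  Added example, not part of iRedMail.  Attribute names come
from pureftpd.schema; quota/ratio defaults and the home layout are assumed."""
import re

LDAP_SUFFIX = "dc=example,dc=com"
FTP_STORAGE_BASE_DIRECTORY = "/home/ftp"
VMAIL_UID = 2000  # uid/gid of the vmail user, as in pureftpd-ldap.conf
VMAIL_GID = 2000

# Only plain addresses are accepted: anything else (commas, '=', spaces)
# could change the meaning of the DN we build, so it is rejected, not escaped.
_MAIL_RE = re.compile(r"^[a-z0-9._+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+$")


def normalize(mail):
    """Lower-case the address and refuse anything that is not a plain mailbox."""
    mail = mail.strip().lower()
    if not _MAIL_RE.match(mail):
        raise ValueError("refusing to build a DN from %r" % mail)
    return mail


def user_dn(mail, suffix=LDAP_SUFFIX):
    """DN of the user entry, in the layout printed by create_mail_user_OpenLDAP.sh."""
    mail = normalize(mail)
    domain = mail.split("@", 1)[1]
    return "mail=%s,ou=Users,domainName=%s,o=domains,%s" % (mail, domain, suffix)


def ftp_home(mail, base=FTP_STORAGE_BASE_DIRECTORY):
    """Assumed per-user home: <base>/<domain>/<local part>."""
    local, domain = normalize(mail).split("@", 1)
    return "%s/%s/%s" % (base, domain, local)


def enable_ftp_ldif(mail, quota_files=50, quota_mbytes=10,
                    upload_ratio=1, download_ratio=5):
    """LDIF 'changetype: modify' that adds the PureFTPdUser attributes."""
    attrs = [
        ("objectClass", "PureFTPdUser"),
        ("FTPStatus", "enabled"),          # required by LDAPFilter
        ("FTPHomeDir", ftp_home(mail)),    # the LDAPHomeDir attribute
        ("FTPuid", str(VMAIL_UID)),
        ("FTPgid", str(VMAIL_GID)),
        ("FTPQuotaFiles", str(quota_files)),
        ("FTPQuotaMBytes", str(quota_mbytes)),
        ("FTPUploadRatio", str(upload_ratio)),
        ("FTPDownloadRatio", str(download_ratio)),
    ]
    lines = ["dn: " + user_dn(mail), "changetype: modify"]
    for i, (name, value) in enumerate(attrs):
        if i:
            lines.append("-")  # LDIF separator between modifications
        lines.append("add: " + name)
        lines.append("%s: %s" % (name, value))
    return "\n".join(lines) + "\n"


def disable_ftp_ldif(mail):
    """Lock the FTP login without touching the mailbox or the files:
    LDAPFilter requires FTPStatus=enabled, so any other value is rejected."""
    return ("dn: %s\nchangetype: modify\nreplace: FTPStatus\nFTPStatus: disabled\n"
            % user_dn(mail))


if __name__ == "__main__":
    print(enable_ftp_ldif("user1@example.com"))
```

Apply the output with ldapmodify as the writable admin dn (cn=vmail is read-only), e.g. `ldapmodify -x -D 'cn=Manager,dc=example,dc=com' -W -f user1-ftp.ldif`, then create the FTPHomeDir directory with ownership matching FTPuid/FTPgid. ldapmodify refuses the enable LDIF if the entry already carries objectClass PureFTPdUser, which is the safe failure.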
iRedMail doesn't open ports 20 and 21 by default, so you must open them first. Edit /etc/sysconfig/iptables and set correct values:
-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
# service iptables restart
You can use a Windows FTP client or a Linux FTP client (e.g. the command line client lftp or the GUI client FileZilla) for testing. We use lftp for testing below:
$ lftp localhost
localhost:~> debug 4
localhost:~> login user1@example.com user1 # <-- input the username and password
user1@example.com@localhost:~> ls
---- Connecting to localhost (127.0.0.1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 16:25. Server port: 21.
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<--- EPRT
<--- IDLE
<--- MDTM
<--- SIZE
<--- REST STREAM
<--- MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<--- MLSD
<--- ESTP
<--- PASV
<--- EPSV
<--- SPSV
<--- ESTA
<--- AUTH TLS
<--- PBSZ
<--- PROT
<--- UTF8
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200 MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@example.com OK. Password required
<--- 230-Your bandwidth usage is restricted
<--- 230-User user1@example.com has group access to: vmail
<--- 230-You must respect a 1:5 (UL/DL) ratio
<--- 230-OK. Current restricted directory is /
<--- 230-0 files used (0%) - authorized: 50 files
<--- 230 0 Kbytes used (0%) - authorized: 10240 Kb
<--- 257 "/" is your current location
<--- 227 Entering Passive Mode (127,0,0,1,32,58)
<--- 150 Accepted data connection
drwxr-xr-x 2 500 vmail 4096 Jun 10 16:16 .
drwxr-xr-x 2 500 vmail 4096 Jun 10 16:16 ..
-rw------- 1 500 vmail 0 Jun 10 16:16 .ftpquota
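The session above ran against localhost, so it never crossed the iptables rules that were opened for ports 20 and 21. The 227 reply it printed, "Entering Passive Mode (127,0,0,1,32,58)", tells the client to open the data connection to port 32*256+58 = 8250, which neither rule accepts; a remote client in passive mode would hang at "ls" while the control connection works fine. The script below, added here as an example and not part of iRedMail or Pure-FTPd, decodes a 227 reply and checks the advertised port against the INPUT rules. PAGE_RULES and PAGE_PASV are the rules and the reply from this page; FIXED_RULES and FIXED_PASV are constructed and assume the pure-ftpd.conf directive PassivePortRange 30000 50000 with a matching iptables rule.

```python
"""Decode an FTP 227 (passive mode) reply and check whether the advertised
data port would pass the iptables INPUT rules.  Added example, not part of
iRedMail or Pure-FTPd.  PAGE_* values come from this page; FIXED_* values
are constructed and assume 'PassivePortRange 30000 50000' in pure-ftpd.conf."""
import re

PAGE_RULES = """\
-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
"""
FIXED_RULES = PAGE_RULES + "-A INPUT -p tcp --dport 30000:50000 -j ACCEPT\n"

PAGE_PASV = "<--- 227 Entering Passive Mode (127,0,0,1,32,58)"
FIXED_PASV = "<--- 227 Entering Passive Mode (192,0,2,10,117,48)"  # constructed

_PASV_RE = re.compile(r"\b227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
_ACCEPT_RE = re.compile(
    r"-A\s+INPUT\b.*?-p\s+tcp\b.*?--dport\s+(\d+)(?::(\d+))?\b.*?-j\s+ACCEPT\b")


def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'.
    Port = p1*256 + p2; every field is range-checked before use."""
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("octet out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = fields
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def accepted_tcp_ranges(rules_text):
    """Collect (low, high) destination-port ranges accepted on INPUT for tcp."""
    ranges = []
    for line in rules_text.splitlines():
        m = _ACCEPT_RE.search(line)
        if m:
            low = int(m.group(1))
            high = int(m.group(2)) if m.group(2) else low
            ranges.append((low, high))
    return ranges


def data_port_allowed(reply, rules_text):
    """True if the port advertised in the 227 reply falls in an accepted range."""
    _, port = parse_pasv(reply)
    return any(low <= port <= high for low, high in accepted_tcp_ranges(rules_text))


if __name__ == "__main__":
    for label, reply, rules in (("page", PAGE_PASV, PAGE_RULES),
                                ("fixed", FIXED_PASV, FIXED_RULES)):
        ip, port = parse_pasv(reply)
        print("%s: data connection to %s:%d allowed=%s"
              % (label, ip, port, data_port_allowed(reply, rules)))
```

Pin the passive range in pure-ftpd.conf and open exactly that range in iptables; if the server sits behind NAT, the 227 reply also carries the address the server sees locally, which is what ForcePassiveIP in pure-ftpd.conf exists to override.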
Enable verbose logging in Pure-FTPd. Edit /etc/pure-ftpd/pure-ftpd.conf and set correct values:
VerboseLog yes # <-- change from no to yes
Edit /etc/rsyslog.conf and set correct values:
ftp.* -/var/log/pureftpd.log # <-- Add entry
# service pure-ftpd restart
# service rsyslog restart
Monitor /var/log/pureftpd.log for troubleshooting:
# tail -0f /var/log/pureftpd.log
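Once the log exists, the same file is the place to watch for password guessing against the mail accounts that are now reachable over FTP. The script below, added here as an example and not part of iRedMail or Pure-FTPd, summarizes authentication events per source address and flags a burst of failures or a login that follows a run of failures. SAMPLE_LOG is constructed in the syslog layout that VerboseLog produces, "(user@ip) [LEVEL] message"; the exact message texts, the five-failures-in-five-minutes threshold, and the hostname "mail" are assumptions.

```python
"""Summarize authentication activity in /var/log/pureftpd.log and flag
sources that look like password guessing.  Added example, not part of
iRedMail or Pure-FTPd.  SAMPLE_LOG is constructed; message texts and the
thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
Jun 10 16:25:01 mail pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jun 10 16:25:03 mail pure-ftpd: (?@127.0.0.1) [INFO] user1@example.com is now logged in
Jun 10 16:25:10 mail pure-ftpd: (user1@example.com@127.0.0.1) [INFO] Logout.
Jun 10 16:26:01 mail pure-ftpd: (?@192.0.2.10) [INFO] New connection from 192.0.2.10
Jun 10 16:26:02 mail pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [user1@example.com]
Jun 10 16:26:04 mail pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [admin@example.com]
Jun 10 16:26:05 mail pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [postmaster@example.com]
Jun 10 16:26:07 mail pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [user1@example.com]
Jun 10 16:26:09 mail pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [user1@example.com]
Jun 10 16:26:11 mail pure-ftpd: (?@192.0.2.10) [INFO] user1@example.com is now logged in
Jun 10 16:40:00 mail pure-ftpd: (?@198.51.100.7) [WARNING] Authentication failed for user [user1@example.com]
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ pure-ftpd(?:\[\d+\])?: "
    r"\((?P<session>[^)]*)\) \[(?P<level>[A-Z]+)\] (?P<msg>.*)$")
FAIL_RE = re.compile(r"^Authentication failed for user \[(?P<user>[^\]]*)\]$")
LOGIN_RE = re.compile(r"^(?P<user>\S+) is now logged in$")


def parse_line(line):
    """Return {'ts', 'ip', 'level', 'msg'} or None for lines we do not recognize."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # session is 'user@ip' or '?@ip'; split on the last '@' because the
    # user part is itself a mail address.
    _, ip = m.group("session").rsplit("@", 1)
    # syslog timestamps carry no year; good enough for ordering within one file.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return {"ts": ts, "ip": ip, "level": m.group("level"), "msg": m.group("msg")}


def has_burst(times, count, window_seconds):
    """True if `count` events fall inside any span of `window_seconds`."""
    times = sorted(times)
    for i in range(len(times) - count + 1):
        if (times[i + count - 1] - times[i]).total_seconds() <= window_seconds:
            return True
    return False


def analyze(log_text, max_failures=5, window_seconds=300):
    """Per source IP: failure count, user names tried, successful logins,
    whether failures came in a burst, and whether a login followed failures."""
    failures = defaultdict(list)  # ip -> [(ts, user)]
    logins = defaultdict(list)    # ip -> [(ts, user)]
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        m = FAIL_RE.match(ev["msg"])
        if m:
            failures[ev["ip"]].append((ev["ts"], m.group("user")))
            continue
        m = LOGIN_RE.match(ev["msg"])
        if m:
            logins[ev["ip"]].append((ev["ts"], m.group("user")))
    report = {}
    for ip in sorted(set(failures) | set(logins)):
        fails = sorted(failures[ip])
        ok = sorted(logins[ip])
        report[ip] = {
            "failures": len(fails),
            "users_tried": sorted({u for _, u in fails}),
            "logins": [u for _, u in ok],
            "burst": has_burst([t for t, _ in fails], max_failures, window_seconds),
            "success_after_failures": bool(fails and ok and ok[-1][0] >= fails[-1][0]),
        }
    return report


def suspicious_ips(report):
    """Sources worth a closer look: a burst of failures, or a login after failures."""
    return sorted(ip for ip, r in report.items()
                  if r["burst"] or r["success_after_failures"])


if __name__ == "__main__":
    rep = analyze(SAMPLE_LOG)
    for ip in suspicious_ips(rep):
        print(ip, rep[ip])
```

On the constructed sample, 192.0.2.10 is flagged on both counts: five failures across three mailbox names in under ten seconds, then a successful login for user1@example.com. The single failure from 198.51.100.7 stays below the threshold, and 127.0.0.1 (the page's own lftp test) is reported with zero failures.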
If you need to debug OpenLDAP, please refer to another document: Debug OpenLDAP.
All documents are available in BitBucket repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.