10 Add LDAP Attributes And Values
10.1 Add LDAP Attributes And Values For Existing Mail Users
Use phpLDAPadmin or other tools to add sample LDAP attributes and values for existing mail users.
Attribute Name       | Value
objectClass          | PureFTPdUser
FTPStatus            | enabled
FTPQuotaFiles        | 50
FTPQuotaMBytes       | 10
FTPDownloadBandwidth | 50
FTPUploadBandwidth   | 50
FTPDownloadRatio     | 5
FTPUploadRatio       | 1
FTPHomeDir           | /home/ftp/example.com/username/
Log into phpLDAPadmin:
Find the existing mail user www@example.com:
Add Object Class for the user www@example.com:
Select the Object Class PureFTPdUser:
The result:
Add PureFTPdUser attribute:
All the attributes about PureFTPdUser:
Enable FTP status:
Add all the PureFTPdUser attributes with the values from the table above:
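The same change applied from the command line instead of phpLDAPadmin, as an added example that is not part of the original howto: a shell function that prints an LDIF modify record with the object class and the attribute values from the table, a check that FTPHomeDir stays inside /home/ftp/<domain>/ (the session in the Testing section reports "Current restricted directory is /", so FTPHomeDir decides which tree the user is confined to after login), and a wrapper that pipes the LDIF into ldapmodify. The admin bind DN cn=Manager,dc=example,dc=com and the LDAP_SUFFIX default are assumptions; take both from your own slapd.conf.

```shell
#!/bin/sh
# Added example (not from the original howto): build the LDIF that adds the
# PureFTPdUser object class and the attributes from the table above to an
# existing iRedMail user, so the change can be applied with ldapmodify
# instead of clicking through phpLDAPadmin. The DN layout follows the
# entries shown in this howto; the admin bind DN below is an assumption.

LDAP_SUFFIX="${LDAP_SUFFIX:-dc=example,dc=com}"   # assumed default, as in the iRedMail script

# pureftpd_ldif MAIL DOMAIN HOMEDIR
#   prints a "changetype: modify" record on stdout; quota, bandwidth and
#   ratio values are the sample values from the table
pureftpd_ldif() {
    mail="$1"; domain="$2"; homedir="$3"
    cat <<EOF
dn: mail=${mail},ou=Users,domainName=${domain},o=domains,${LDAP_SUFFIX}
changetype: modify
add: objectClass
objectClass: PureFTPdUser
-
add: FTPStatus
FTPStatus: enabled
-
add: FTPQuotaFiles
FTPQuotaFiles: 50
-
add: FTPQuotaMBytes
FTPQuotaMBytes: 10
-
add: FTPDownloadBandwidth
FTPDownloadBandwidth: 50
-
add: FTPUploadBandwidth
FTPUploadBandwidth: 50
-
add: FTPDownloadRatio
FTPDownloadRatio: 5
-
add: FTPUploadRatio
FTPUploadRatio: 1
-
add: FTPHomeDir
FTPHomeDir: ${homedir}
EOF
}

# check_homedir DOMAIN HOMEDIR
#   succeeds only when HOMEDIR is below /home/ftp/DOMAIN/ and has no ".."
#   component; FTPHomeDir is the directory the user is restricted to after
#   login, so an entry outside the domain tree exposes the wrong files
check_homedir() {
    domain="$1"; homedir="$2"
    case "$homedir" in
        */../*|*/..)              return 1 ;;
        /home/ftp/"$domain"/?*)   return 0 ;;
        *)                        return 1 ;;
    esac
}

# add_pureftpd_user MAIL DOMAIN HOMEDIR
#   validates the home directory, then applies the LDIF with ldapmodify
#   (-x simple bind, -W prompts for the admin password; admin DN assumed)
add_pureftpd_user() {
    check_homedir "$2" "$3" || { echo "refusing FTPHomeDir $3" >&2; return 1; }
    pureftpd_ldif "$1" "$2" "$3" |
        ldapmodify -x -H ldap://127.0.0.1 -D "cn=Manager,${LDAP_SUFFIX}" -W
}

# Usage: add_pureftpd_user www@example.com example.com /home/ftp/example.com/www/
```

Run ldapsearch afterwards with the same filter pure-ftpd uses, `(&(objectClass=PureFTPdUser)(mail=www@example.com)(FTPStatus=enabled))`, to confirm the entry is what the FTP server will see.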
10.2 Add LDAP Attributes And Values For New Users
You can use the iRedMail tools to quickly create a new user that already includes the Pure-FTPd attributes and values.
cd iRedMail-0.5.1/tools
vi create_mail_user_OpenLDAP.sh
LDAP_SUFFIX="dc=example,dc=com" # <- Change the LDAP suffix
Run the script to create the users user1 and user2. By default, each user's password is the same as the user name.
bash create_mail_user_OpenLDAP.sh example.com user1 user2
adding new entry "ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Groups,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Aliases,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
adding new entry "mail=user2@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
11 Configure iptables
By default, ports 20 and 21 are not open. To test with an FTP client you need to open ports 20 and 21.
vi /etc/default/iptables
# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,20,21 -j ACCEPT # <-- Add 20,21
Restart the iptables service.
/etc/init.d/iptables restart
12 Testing
You can use a Windows FTP client or the Linux FTP client lftp for testing.
lftp localhost
lftp localhost:~> debug 4
lftp localhost:~> login user1@example.com user1 # <-- enter the username and password
lftp user1@example.com@localhost:~> ls
---- Connecting to localhost (127.0.0.1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 16:25. Server port: 21.
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<--- EPRT
<--- IDLE
<--- MDTM
<--- SIZE
<--- REST STREAM
<--- MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<--- MLSD
<--- ESTP
<--- PASV
<--- EPSV
<--- SPSV
<--- ESTA
<--- AUTH TLS
<--- PBSZ
<--- PROT
<--- UTF8
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200 MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@example.com OK. Password required
<--- 230-Your bandwidth usage is restricted
<--- 230-User user1@example.com has group access to: vmail
<--- 230-You must respect a 1:5 (UL/DL) ratio
<--- 230-OK. Current restricted directory is /
<--- 230-0 files used (0%) - authorized: 50 files
<--- 230 0 Kbytes used (0%) - authorized: 10240 Kb
<--- 257 "/" is your current location
<--- 227 Entering Passive Mode (127,0,0,1,32,58)
<--- 150 Accepted data connection
<--- 226-Options: -l
<--- 226 0 matches total
13 Troubleshooting
Enable verbose logging in pure-ftpd:
echo "yes" > /etc/pure-ftpd/conf/VerboseLog
vi /etc/syslog.conf
ftp.* -/var/log/pure-ftpd/pureftpd.log # <-- Add this entry
Create the pureftpd.log file:
touch /var/log/pure-ftpd/pureftpd.log
Enable LDAP logging:
vi /etc/ldap/slapd.conf
loglevel 256 # <-- change from 0 to 256
Restart pure-ftpd, syslog, and openldap:
/etc/init.d/pure-ftpd-ldap restart
/etc/init.d/sysklogd restart
/etc/init.d/slapd restart
Monitor /var/log/pure-ftpd/pureftpd.log and /var/log/openldap.log while reproducing the problem:
tail -0f /var/log/openldap.log
Nov 10 17:04:01 mail slapd[3673]: warning: /etc/hosts.deny, line 0: missing newline or line too long
Nov 10 17:04:01 mail slapd[3673]: conn=2 fd=21 ACCEPT from IP=127.0.0.1:36769 (IP=0.0.0.0:389)
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=0 RESULT tag=97 err=0 text=
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=1 SRCH base="o=domains,dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user1@example.com)(FTPStatus=enabled))"
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=1 SRCH attr=FTPHomeDir uidNumber FTPuid gidNumber FTPgid userPassword loginShell FTPStatus FTPQuotaFiles FTPQuotaMBytes FTPDownloadRatio FTPUploadRatio FTPDownloadBandwidth FTPUploadBandwidth
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=2 UNBIND
Nov 10 17:04:01 mail slapd[3673]: conn=2 fd=21 closed
tail -0f /var/log/pure-ftpd/pureftpd.log
Nov 12 15:00:03 mail pure-ftpd: (?@123.119.67.157) [INFO] New connection from 123.119.67.157
Nov 12 15:00:04 mail pure-ftpd: (?@123.119.67.157) [DEBUG] Command [user] [user1@example.com]
Nov 12 15:00:04 mail pure-ftpd: (?@123.119.67.157) [DEBUG] Command [pass] [<*>]
Nov 12 15:00:04 mail pure-ftpd: (?@123.119.67.157) [INFO] user1@example.com is now logged in
Nov 12 15:00:04 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [syst] []
Nov 12 15:00:05 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [feat] []
Nov 12 15:00:05 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [opts] [UTF8 ON]
Nov 12 15:00:05 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [pwd] []
Nov 12 15:00:06 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [type] [A]
Nov 12 15:00:06 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [port] [123,119,67,157,15,171]
Nov 12 15:00:07 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [list] [-a]
Nov 12 15:00:25 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [type] [I]
Nov 12 15:00:26 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [port] [123,119,67,157,15,174]
Nov 12 15:00:26 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [stor] [chenshake.pdf]
Nov 12 15:00:28 mail pure-ftpd: (user1@example.com@123.119.67.157) [NOTICE] /home/ftp/example.com/u/us/use/user1-2009.11.12.14.52.32/ftp//chenshake.pdf uploaded (14317 bytes, 10.66KB/sec)
Nov 12 15:00:29 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [type] [A]
Nov 12 15:00:29 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [port] [123,119,67,157,15,175]
Nov 12 15:00:30 mail pure-ftpd: (user1@example.com@123.119.67.157) [DEBUG] Command [list] [-a]
Nov 12 15:00:52 mail pure-ftpd: (user1@example.com@123.119.67.157) [INFO] Logout.
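Once both logs are flowing, the two questions worth asking routinely are "who logged in or failed to, and what did they upload" and "did any LDAP bind fail". The following is an added example, not part of the original howto: two awk-based shell functions that summarise the verbose pure-ftpd log per client IP and join slapd's BIND and RESULT lines (loglevel 256) on their conn= and op= identifiers to list binds with a non-zero result code. The log lines embedded in the block are constructed in the formats shown above; 203.0.113.5 and 198.51.100.7 are documentation addresses, and "Authentication failed for user [...]" is the message pure-ftpd logs at WARNING level on a bad password.

```shell
#!/bin/sh
# Added example (not from the original howto): summarise the verbose
# pure-ftpd log and the slapd stats log with awk so that failed logins,
# uploads and failed LDAP binds stand out. Sample lines are constructed.

SAMPLE_FTP_LOG=$(cat <<'EOF'
Nov 12 15:00:03 mail pure-ftpd: (?@203.0.113.5) [INFO] New connection from 203.0.113.5
Nov 12 15:00:04 mail pure-ftpd: (?@203.0.113.5) [DEBUG] Command [user] [user1@example.com]
Nov 12 15:00:04 mail pure-ftpd: (?@203.0.113.5) [DEBUG] Command [pass] [<*>]
Nov 12 15:00:04 mail pure-ftpd: (?@203.0.113.5) [INFO] user1@example.com is now logged in
Nov 12 15:00:28 mail pure-ftpd: (user1@example.com@203.0.113.5) [NOTICE] /home/ftp/example.com/user1/report.pdf uploaded (14317 bytes, 10.66KB/sec)
Nov 12 15:00:52 mail pure-ftpd: (user1@example.com@203.0.113.5) [INFO] Logout.
Nov 12 15:01:10 mail pure-ftpd: (?@198.51.100.7) [INFO] New connection from 198.51.100.7
Nov 12 15:01:11 mail pure-ftpd: (?@198.51.100.7) [DEBUG] Command [user] [admin@example.com]
Nov 12 15:01:11 mail pure-ftpd: (?@198.51.100.7) [DEBUG] Command [pass] [<*>]
Nov 12 15:01:11 mail pure-ftpd: (?@198.51.100.7) [WARNING] Authentication failed for user [admin@example.com]
EOF
)

SAMPLE_SLAPD_LOG=$(cat <<'EOF'
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=0 BIND dn="cn=vmail,dc=example,dc=com" mech=SIMPLE ssf=0
Nov 10 17:04:01 mail slapd[3673]: conn=2 op=0 RESULT tag=97 err=0 text=
Nov 10 17:05:13 mail slapd[3673]: conn=3 op=0 BIND dn="cn=vmail,dc=example,dc=com" method=128
Nov 10 17:05:13 mail slapd[3673]: conn=3 op=0 RESULT tag=97 err=49 text=
EOF
)

# ftp_summary < pureftpd.log
#   one line per client IP: ip connections logins auth_failures uploads bytes
ftp_summary() {
    awk '
    {
        # field 6 is "(user@ip)" after login and "(?@ip)" before it
        t = $6; sub(/^\(.*@/, "", t); sub(/\)$/, "", t); ip = t
        seen[ip] = 1
    }
    / New connection from /            { conn[ip]++ }
    / is now logged in/                { login[ip]++ }
    / Authentication failed for user / { fail[ip]++ }
    / uploaded \(/ {
        up[ip]++
        # "uploaded (" is 10 chars and " bytes" is 6, so the digits sit in between
        if (match($0, /uploaded \([0-9]+ bytes/))
            bytes[ip] += substr($0, RSTART + 10, RLENGTH - 16)
    }
    END {
        for (ip in seen)
            printf "%s %d %d %d %d %d\n", ip, conn[ip], login[ip], fail[ip], up[ip], bytes[ip]
    }' | sort
}

# slapd_failed_binds < openldap.log
#   prints "dn err=NN" for every BIND whose RESULT carries a non-zero LDAP
#   result code (err=49 is invalidCredentials); BIND and RESULT lines are
#   matched on their conn= and op= identifiers
slapd_failed_binds() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^conn=/) c = $i
            else if ($i ~ /^op=/) o = $i
        }
        key = c " " o
    }
    / BIND dn=/ {
        d = $0; sub(/.* BIND dn=/, "", d); sub(/ (method|mech)=.*/, "", d)
        dn[key] = d
    }
    / RESULT tag=97 / {
        e = $0; sub(/.* err=/, "", e); sub(/ .*/, "", e)
        if (e != "0" && (key in dn)) print dn[key], "err=" e
    }'
}

# Usage against the live logs:
#   ftp_summary        < /var/log/pure-ftpd/pureftpd.log
#   slapd_failed_binds < /var/log/openldap.log
```

A bind that fails with err=49 for cn=vmail means pure-ftpd's own bind password in /etc/pure-ftpd/db/ldap.conf is wrong; user password failures show up in the pure-ftpd log instead, because pure-ftpd fetches userPassword through the vmail bind and compares it itself.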
14 Links
- Discussion forum: http://www.iredmail.org/forum/
- Project home page: http://code.google.com/p/iredmail/
- /etc/pure-ftpd/db/ldap.conf sample files: click here