6 Add LDAP attributes and values
Add LDAP attributes and values for an existing mail user
Use phpLDAPadmin or another LDAP tool to add the following attributes and values to an existing mail user. FTPQuotaFiles and FTPQuotaMBytes cap the number of files and the total size (in MB) the user may store, the two bandwidth attributes are per-user transfer limits in KB/s, FTPDownloadRatio/FTPUploadRatio enforce an upload:download ratio (1:5 with the values below), and FTPHomeDir is the directory the user is chrooted into; it must already exist (unless CreateHomeDir is enabled in pure-ftpd.conf) and be writable by the uid/gid Pure-FTPd assigns to the user. Setting FTPStatus to disabled locks the user out of FTP without touching the mail account.
| Attribute Name       | Value                           |
|----------------------|---------------------------------|
| objectClass          | PureFTPdUser                    |
| FTPStatus            | enabled                         |
| FTPQuotaFiles        | 50                              |
| FTPQuotaMBytes       | 10                              |
| FTPDownloadBandwidth | 50                              |
| FTPUploadBandwidth   | 50                              |
| FTPDownloadRatio     | 5                               |
| FTPUploadRatio       | 1                               |
| FTPHomeDir           | /home/ftp/example.com/username/ |
Log into phpLDAPadmin:
Find the existing mail user www@example.com:
Add Object Class for the user www@example.com:
Select the Object Class PureFTPdUser:
The result:
Add the PureFTPdUser attributes:
All the attributes of PureFTPdUser:
Enable the FTP status:
Add all the PureFTPdUser attributes with the values from the table above:
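The same change can be scripted instead of clicked through phpLDAPadmin. The function below is an added example (not code from the iRedMail project or this page): it emits an LDIF "modify" record that adds the PureFTPdUser object class and the attributes from the table to an existing user, to be piped into ldapmodify. It assumes the iRedMail DN layout visible in the ldapadd output later in this section (mail=<user>,ou=Users,domainName=<domain>,o=domains,<suffix>), the /home/ftp/<domain>/<localpart>/ home-directory convention from the table, and the cn=manager bind DN used by create_mail_user_OpenLDAP.sh. The default quota and bandwidth values are the ones from the table; the ratio is fixed at 1:5.

```shell
#!/bin/sh
# Added example: build the LDIF that turns an existing iRedMail user into a
# PureFTPdUser. Assumptions (not from the page): the DN layout
# mail=<user>,ou=Users,domainName=<domain>,o=domains,<suffix>, the home
# directory convention /home/ftp/<domain>/<localpart>/, and that LDAP_SUFFIX
# may be overridden from the environment.

# usage: pureftpd_ldif user@domain [quota_files] [quota_mbytes] [dl_kbps] [ul_kbps]
pureftpd_ldif() {
    mail="$1"
    quota_files="${2:-50}"     # FTPQuotaFiles
    quota_mbytes="${3:-10}"    # FTPQuotaMBytes (MB)
    dl_bw="${4:-50}"           # FTPDownloadBandwidth (KB/s)
    ul_bw="${5:-50}"           # FTPUploadBandwidth (KB/s)
    suffix="${LDAP_SUFFIX:-dc=example,dc=com}"

    # Refuse anything that is not user@domain.tld; the localpart and domain
    # are spliced into a DN and a filesystem path, so do not guess.
    case "$mail" in
        *@*.*) ;;
        *) echo "pureftpd_ldif: '$mail' is not of the form user@domain" >&2; return 1 ;;
    esac
    localpart="${mail%@*}"
    domain="${mail#*@}"

cat <<EOF
dn: mail=${mail},ou=Users,domainName=${domain},o=domains,${suffix}
changetype: modify
add: objectClass
objectClass: PureFTPdUser
-
add: FTPStatus
FTPStatus: enabled
-
add: FTPQuotaFiles
FTPQuotaFiles: ${quota_files}
-
add: FTPQuotaMBytes
FTPQuotaMBytes: ${quota_mbytes}
-
add: FTPDownloadBandwidth
FTPDownloadBandwidth: ${dl_bw}
-
add: FTPUploadBandwidth
FTPUploadBandwidth: ${ul_bw}
-
add: FTPDownloadRatio
FTPDownloadRatio: 5
-
add: FTPUploadRatio
FTPUploadRatio: 1
-
add: FTPHomeDir
FTPHomeDir: /home/ftp/${domain}/${localpart}/
EOF
}

# Apply it with the manager DN (ldapmodify prompts for the BINDPW from
# create_mail_user_OpenLDAP.sh). Create the home directory first, or enable
# CreateHomeDir in pure-ftpd.conf, otherwise the FTP login fails:
#   mkdir -p /home/ftp/example.com/www && chown vmail:vmail /home/ftp/example.com/www
#   pureftpd_ldif www@example.com | ldapmodify -x -H ldap://127.0.0.1 \
#       -D "cn=manager,dc=example,dc=com" -W
```

Running ldapmodify against a user that already carries the PureFTPdUser object class returns "Type or value exists (20)" for the duplicate attribute; use `replace:` instead of `add:` in that case to change quotas on an existing FTP user.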
Add LDAP attributes and values for a new user
You can use the iRedMail tools to create new users with the Pure-FTPd attributes and values already set.
cd /iRedMail-0.5.0-rc2/tools/
vi create_mail_user_OpenLDAP.sh
LDAP_SUFFIX="dc=example,dc=com"   # <- change to your LDAP suffix
BINDPW='passwd'                   # <- the password of cn=manager,dc=example,dc=com
PUREFTPD_INTEGRATION='YES'        # <- change from NO to YES to enable the Pure-FTPd integration
Run the script to create the users user1 and user2. The script sets each new user's password to the user name, so change those passwords immediately and remove any accounts that were only created for testing. The "Already exists (68)" messages for the ou=Users, ou=Groups and ou=Aliases entries are expected when the domain was created earlier; only the two mail= entries are new.
bash create_mail_user_OpenLDAP.sh example.com user1 user2
adding new entry "ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Groups,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "ou=Aliases,domainName=example.com,o=domains,dc=example,dc=com"
ldapadd: Already exists (68)
adding new entry "mail=user1@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
adding new entry "mail=user2@example.com,ou=Users,domainName=example.com,o=domains,dc=example,dc=com"
7 Configure iptables
By default ports 20 and 21 are not open, so an FTP client on another host cannot connect; add them to the existing multiport rule. Port 21 is the control channel and port 20 is the server side of active-mode data connections. Passive-mode transfers (the mode the lftp session in the next section uses) open a data connection to a port from the range Pure-FTPd is configured with (PassivePortRange in pure-ftpd.conf), so that range must also be reachable, either through a rule of its own or through the FTP connection-tracking helper (nf_conntrack_ftp, ip_conntrack_ftp on older kernels).
vi /etc/sysconfig/iptables
# http/https, smtp/smtps, pop3/pop3s, imap/imaps, ssh
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,22,20,21 -j ACCEPT # <-- add 20 and 21
Restart the iptables service:
/etc/init.d/iptables restart
8 Testing
You can use a Windows FTP client or lftp on Linux for testing. Run lftp with debug enabled so the server's 230 greeting is shown: it reports the quota, ratio and bandwidth limits in effect, which is the quickest way to confirm that the LDAP attributes are being read.
lftp localhost
lftp localhost:~> debug 4
lftp localhost:~> login user1@example.com user1 # <-- type in the username and password
lftp user1@example.com@localhost:~> ls
---- Connecting to localhost (127.0.0.1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 16:25. Server port: 21.
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<--- EPRT
<--- IDLE
<--- MDTM
<--- SIZE
<--- REST STREAM
<--- MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<--- MLSD
<--- ESTP
<--- PASV
<--- EPSV
<--- SPSV
<--- ESTA
<--- AUTH TLS
<--- PBSZ
<--- PROT
<--- UTF8
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200 MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@example.com OK. Password required
<--- 230-Your bandwidth usage is restricted
<--- 230-User user1@example.com has group access to: vmail
<--- 230-You must respect a 1:5 (UL/DL) ratio
<--- 230-OK. Current restricted directory is /
<--- 230-0 files used (0%) - authorized: 50 files
<--- 230 0 Kbytes used (0%) - authorized: 10240 Kb
<--- 257 "/" is your current location
<--- 227 Entering Passive Mode (127,0,0,1,32,58)
<--- 150 Accepted data connection
drwxr-xr-x 2 500 vmail 4096 Jun 10 16:16 .
drwxr-xr-x 2 500 vmail 4096 Jun 10 16:16 ..
-rw------- 1 500 vmail 0 Jun 10 16:16 .ftpquota
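The 230 greeting above is the server restating the LDAP values for this user (50 files, 10240 KB = FTPQuotaMBytes 10, a 1:5 UL/DL ratio, a bandwidth restriction, and a chroot into FTPHomeDir), and the .ftpquota file in the listing is where Pure-FTPd keeps the user's usage counters for the virtual quota. The script below is an added example, not part of the iRedMail page: it parses a saved lftp debug session and compares what the server announced with the FTPQuotaFiles, FTPQuotaMBytes and ratio values stored in LDAP, so the test can be repeated after every LDAP change or rerun across many users. The sample session it ships with is constructed from the login shown above.

```shell
#!/bin/sh
# Added example: verify that Pure-FTPd applied the LDAP limits for a user by
# parsing the 230- greeting lines from an `lftp ... debug 4` session log.
# The log format is the "<--- NNN text" echo that lftp prints in debug mode.

# usage: check_ftp_login <session log> <FTPQuotaFiles> <FTPQuotaMBytes> <FTPUploadRatio> <FTPDownloadRatio>
check_ftp_login() {
    log="$1"; want_files="$2"; want_mb="$3"; want_ul="$4"; want_dl="$5"
    rc=0

    # No final "230 " line means the login never succeeded: check FTPStatus,
    # the LDAP bind settings in pure-ftpd.conf, and the password.
    grep -q '^<--- 230 ' "$log" || {
        echo "login did not reach 230 (check FTPStatus and the LDAP bind)"; return 1; }

    got_files=$(sed -n 's/.*authorized: \([0-9]*\) files.*/\1/p' "$log")
    got_kb=$(sed -n 's/.*authorized: \([0-9]*\) Kb.*/\1/p' "$log")
    got_ratio=$(sed -n 's/.*respect a \([0-9]*:[0-9]*\) (UL\/DL) ratio.*/\1/p' "$log")

    [ "$got_files" = "$want_files" ] || {
        echo "file quota: got ${got_files:-none}, want $want_files"; rc=1; }
    # Pure-FTPd reports the size quota in KB; FTPQuotaMBytes is in MB.
    [ "$got_kb" = "$((want_mb * 1024))" ] || {
        echo "size quota: got ${got_kb:-none} Kb, want $((want_mb * 1024)) Kb"; rc=1; }
    [ "$got_ratio" = "${want_ul}:${want_dl}" ] || {
        echo "ratio: got ${got_ratio:-none}, want ${want_ul}:${want_dl}"; rc=1; }
    grep -q '^<--- 230-Your bandwidth usage is restricted' "$log" || {
        echo "no bandwidth limit announced (FTPDownloadBandwidth/FTPUploadBandwidth missing?)"; rc=1; }
    # The chroot line is the one that matters for isolation between users:
    # a missing or wrong FTPHomeDir shows up here.
    grep -q '^<--- 230-OK. Current restricted directory is /' "$log" || {
        echo "user is not chrooted into FTPHomeDir"; rc=1; }
    return $rc
}

# Constructed sample: the 331/230 lines from the user1@example.com login above.
SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
<--- 331 User user1@example.com OK. Password required
<--- 230-Your bandwidth usage is restricted
<--- 230-User user1@example.com has group access to: vmail
<--- 230-You must respect a 1:5 (UL/DL) ratio
<--- 230-OK. Current restricted directory is /
<--- 230-0 files used (0%) - authorized: 50 files
<--- 230 0 Kbytes used (0%) - authorized: 10240 Kb
EOF

# Expected values are the LDAP attributes from the table in section 6.
check_ftp_login "$SAMPLE_LOG" 50 10 1 5 && echo "LDAP limits are in effect for user1@example.com"
```

To check a real server, capture the session with `lftp -d localhost` (or `debug 4` at the prompt) into a file and pass that file instead of the sample; a mismatch on the size line most often means the wrong user entry was matched (check LDAPFilter and LDAPBaseDN in pure-ftpd.conf), while a missing chroot line means FTPHomeDir was not read.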
9 Troubleshooting
Enable verbose logging in pure-ftpd.conf:
vi /etc/pure-ftpd/pure-ftpd.conf
VerboseLog yes # <-- change from no to yes
vi /etc/syslog.conf
ftp.* -/var/log/pureftpd.log # <-- add this entry
Enable ldap logging:
vi /etc/openldap/slapd.conf
loglevel 256 # <-- change from 0 to 256 (connection and operation statistics, enough to see each bind and search)
Restart pure-ftpd, syslog, and openldap:
/etc/init.d/pure-ftpd restart
/etc/init.d/syslog restart
/etc/init.d/ldap restart
Watch /var/log/pureftpd.log and /var/log/openldap.log while repeating the lftp login; a failed login shows up in the first, and the search Pure-FTPd issues for the user (or its absence, which points to a wrong bind DN or base DN in pure-ftpd.conf) in the second. Set loglevel back to 0 and VerboseLog to no once the problem is found.
tail -0f /var/log/openldap.log
tail -0f /var/log/pureftpd.log
10 Links
- Discussion forum: http://www.iredmail.org/forum/
- Project home page: http://code.google.com/p/iredmail/