1 (edited by ernie49 2014-06-24 20:22:58)

Topic: LDAP + PureFTPd

======== Required information ====
- iRedMail version: 0.8.7.
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: CentOS 6.5
- Related log if you're reporting an issue:
====

Hello everyone,

The mail server has now been running for 2 weeks with SOGo and it runs like a charm. Now I am trying to add a PureFTPd server to the LDAP server, and I followed the manuals at these links:

http://www.iredmail.org/wiki/index.php? … DAP/CentOS
http://www.howtoforge.com/virtual-mail- … -pure-ftpd

Unfortunately it does not work.

In the log file of the LDAP server I have this message:

slapd[1950]: conn=1041 fd=25 ACCEPT from IP=127.0.0.1:33931 (IP=0.0.0.0:389)
slapd[1950]: conn=1041 op=0 BIND dn="cn=vmail,dc=xxx,dc=xxx" method=128
slapd[1950]: conn=1041 op=0 BIND dn="cn=vmail,dc=xxx,dc=xxx" mech=SIMPLE ssf=0
slapd[1950]: conn=1041 op=0 RESULT tag=97 err=0 text=
slapd[1950]: conn=1041 op=1 SRCH base="cn=domains,dc=xxx,dc=xxx" scope=2 deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user1@xxx.xxx)(FTPStatus=enabled))"
slapd[1950]: conn=1041 op=1 SRCH attr=FTPHomeDir uidNumber FTPuid gidNumber FTPgid userPassword loginShell FTPStatus FTPQuotaFiles FTPQuotaMBytes FTPDownloadRatio FTPUploadRatio FTPDownloadBandwidth FTPUploadBandwidth
slapd[1950]: conn=1041 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
slapd[1950]: conn=1041 op=2 UNBIND
slapd[1950]: conn=1041 fd=25 closed

I tried to log in from a terminal session:

lftp localhost
lftp localhost:~> debug 4
lftp localhost:~> login user1@xxx.xxx password
lftp user1@localhost:~> ls
---- Connecting to localhost (127.0.0.1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 14:16. Server port: 21.
<--- 220-This is a private system - No anonymous login
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  MFMT
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  AUTH TLS
<---  PBSZ
<---  PROT
<---  UTF8
<---  ESTA
<---  PASV
<---  EPSV
<---  SPSV
<---  ESTP
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@xxx.xxx OK. Password required
<--- 530 Login authentication failed
ls: Login failed: 530 Login authentication failed
<--- 530 You aren't logged in
<--- 221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
<--- 221 Logout.

Can somebody help me please?

Thanks

Kind regards

Ernie

----


2

Re: LDAP + PureFTPd

ernie49 wrote:

slapd[1950]: conn=1041 op=1 SRCH base="cn=domains,dc=xxx,dc=xxx" scope=2 deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user1@xxx.xxx)(FTPStatus=enabled))"

iRedMail uses 'o=domains,dc=xxx,dc=xxx', not 'cn=domains'. Is it a typo in your PureFTPd config file?

Also, it's better and easier to use the filter below:

# Your current filter:
#(&(objectClass=PureFTPdUser)(mail=user1@xxx.xxx)(FTPStatus=enabled))

# Suggested one:
(&(objectClass=mailUser)(mail=user1@xxx.xxx)(accountStatus=active))

If you have 'enabledService=ftp' for every user, you can also add it to restrict the ftp service like this:

(&(objectClass=mailUser)(mail=user1@xxx.xxx)(accountStatus=active)(enabledService=ftp))

With iRedAdmin-Pro, you can manage additional service restrictions with the tutorial below:
http://www.iredmail.org/forum/post30345.html#p30345
Note: you won't need the patch mentioned in the above link with the next release of iRedAdmin-Pro; just set 'ADDITION_USER_SERVICES'.
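As an added example (not code from the thread or from the iRedMail project), the script below shows both halves of the diagnosis above: it pairs each SRCH line in the slapd log quoted in the question with its SEARCH RESULT, flags the search that came back with err=32 (noSuchObject, meaning the search base itself does not exist) and checks whether the base starts with the 'o=domains,' prefix that iRedMail uses; it then builds the suggested filter, optionally with the enabledService=ftp restriction. The filter builder escapes the mail address per RFC 4515, which matters whenever the login name comes from an FTP client rather than from a config file. The log lines are copied from the post above as constructed sample input; the function names are my own.

```python
import re

# Constructed sample: the slapd lines quoted in the question above.
SAMPLE_LOG = """\
slapd[1950]: conn=1041 op=0 BIND dn="cn=vmail,dc=xxx,dc=xxx" method=128
slapd[1950]: conn=1041 op=0 RESULT tag=97 err=0 text=
slapd[1950]: conn=1041 op=1 SRCH base="cn=domains,dc=xxx,dc=xxx" scope=2 deref=0 filter="(&(objectClass=PureFTPdUser)(mail=user1@xxx.xxx)(FTPStatus=enabled))"
slapd[1950]: conn=1041 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
slapd[1950]: conn=1041 op=2 UNBIND
"""

SRCH_RE = re.compile(r'conn=(\d+) op=(\d+) SRCH base="([^"]*)" .*filter="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)')


def find_failed_searches(log_text, expected_base_prefix="o=domains,"):
    """Pair each SRCH with its SEARCH RESULT (by conn/op) and report
    searches that failed with err=32 (noSuchObject) or matched nothing.
    base_ok tells whether the base uses the iRedMail 'o=domains,' prefix."""
    pending = {}
    findings = []
    for line in log_text.splitlines():
        m = SRCH_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = (m.group(3), m.group(4))
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue
        key = (m.group(1), m.group(2))
        if key not in pending:
            continue
        base, flt = pending.pop(key)
        err, nentries = int(m.group(3)), int(m.group(4))
        if err == 32:
            reason = "noSuchObject: the search base does not exist"
        elif nentries == 0:
            reason = "base exists but no entry matched the filter"
        else:
            continue
        findings.append({
            "conn": key[0], "op": key[1], "base": base, "filter": flt,
            "err": err, "nentries": nentries, "reason": reason,
            "base_ok": base.startswith(expected_base_prefix),
        })
    return findings


def escape_filter_value(value):
    """RFC 4515 escaping for a value embedded in an LDAP search filter, so
    characters such as '*', '(' and ')' cannot change the filter's meaning."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def iredmail_ftp_filter(mail, require_ftp_service=False):
    """Build the filter suggested in the reply above: a mailUser entry with
    accountStatus=active, optionally restricted to enabledService=ftp."""
    parts = [
        "(objectClass=mailUser)",
        "(mail=%s)" % escape_filter_value(mail),
        "(accountStatus=active)",
    ]
    if require_ftp_service:
        parts.append("(enabledService=ftp)")
    return "(&" + "".join(parts) + ")"


if __name__ == "__main__":
    for f in find_failed_searches(SAMPLE_LOG):
        print("conn=%s op=%s err=%s: %s" % (f["conn"], f["op"], f["err"], f["reason"]))
        print("  base   : %s%s" % (f["base"], "" if f["base_ok"] else "  <-- not under o=domains,"))
        print("  filter : %s" % f["filter"])
    print("suggested:", iredmail_ftp_filter("user1@xxx.xxx", require_ftp_service=True))
```

Reading the result code is the useful habit here: err=32 with nentries=0 means the base DN is wrong, whereas err=0 with nentries=0 would mean the base is fine and the filter (object class, status attribute or service flag) is what excludes the user.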

3 (edited by ernie49 2014-06-24 22:34:21)

Re: LDAP + PureFTPd

Great. It works. That's my mistake.

I changed the line
(&(objectClass=PureFTPdUser)(mail=user1@xxx.xxx)(FTPStatus=enabled))
to
(&(objectClass=mailUser)(mail=user1@xxx.xxx)(accountStatus=active))
and it also works well.

Thanks a lot for your help and for your great work here for us. ;-)))

Kind regards

Ernie