Enable the LDAP settings of the PureFTPd FTP server
# vim /etc/pure-ftpd/pure-ftpd.conf
# LDAP configuration file (see README.LDAP)
LDAPConfigFile /etc/pure-ftpd/pureftpd-ldap.conf
Edit the /etc/pure-ftpd/pureftpd-ldap.conf settings
# vim /etc/pure-ftpd/pureftpd-ldap.conf
# Optional : name of the LDAP server. Default : localhost
# LDAP Server IP
LDAPServer 192.168.154.167
# Optional : server port. Default : 389
# LDAP server connection port
LDAPPort 389
# Mandatory : the base DN to search accounts from. No default.
LDAPBaseDN ou=Student,dc=ldap,dc=tces.ilc.edu.tw
# Optional : who we should bind the server as.
# Default : binds anonymously or binds as FTP users
LDAPBindDN cn=Manager,dc=ldap,dc=tces.ilc.edu.tw
# Password if we don't bind anonymously
# This configuration file should be only readable by root
# LDAP administrator password
LDAPBindPW 123456
Restart the PureFTPd FTP server
# service pure-ftpd restart
正在停止 pure-ftpd: [ 確定 ]
正在啟動 pure-ftpd: [ 確定 ]
The accounts used for testing are s0990499 and s0990999
# cat s0990t.ldif
dn: uid=s0990499,ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw
uid: s0990499
cn: 四忠01蔡中火
sn: 四忠01蔡中火
mail: s0990499@tces.ilc.edu.tw
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {SSHA}xecUVfAyOlao7udDzLccUvf4fHOonjzN
loginShell: /sbin/nologin
uidNumber: 500
gidNumber: 500
homeDirectory: /home/s0990/s0990499
gecos: 四忠01蔡中火
dn: uid=s0990999,ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw
uid: s0990999
cn: 四忠02陳大水
sn: 四忠02陳大水
mail: s0990999@tces.ilc.edu.tw
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {SSHA}WqVy40LfOfoRV1KBwlJFPpfGNgnkIbtr
loginShell: /sbin/nologin
uidNumber: 500
gidNumber: 500
homeDirectory: /home/s0990/s0990999
gecos: 四忠02陳大水
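The entries above store the password as an OpenLDAP {SSHA} value rather than plaintext. The following is an added example (not part of the original post) that shows how such a value is built and checked, and renders a student entry in the same layout as s0990t.ldif; the base DN and mail domain are taken from the LDIF above, while the uid, names, salt and password used in the sample are constructed.

```python
import base64
import hashlib
import hmac
import os

# BASE_DN and MAIL_DOMAIN come from the page's LDIF; every other sample value is constructed.
BASE_DN = "ou=Student,dc=ldap,dc=tces.ilc.edu.tw"
MAIL_DOMAIN = "tces.ilc.edu.tw"


def ssha_hash(password: str, salt=None) -> str:
    """Build an OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd also defaults to a 4-byte random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password the way slapd does on bind: recompute with the stored salt."""
    if not stored.startswith("{SSHA}"):
        return False
    blob = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]  # a SHA-1 digest is 20 bytes; the rest is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def student_ldif(uid: str, cn: str, class_ou: str, password: str,
                 uid_number: int = 500, gid_number: int = 500, salt=None) -> str:
    """Render one posixAccount/inetOrgPerson entry in the same layout as the page's s0990t.ldif."""
    lines = [
        f"dn: uid={uid},ou={class_ou},{BASE_DN}",
        f"uid: {uid}",
        f"cn: {cn}",
        f"sn: {cn}",
        f"mail: {uid}@{MAIL_DOMAIN}",
        "objectClass: person",
        "objectClass: organizationalPerson",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        "objectClass: top",
        f"userPassword: {ssha_hash(password, salt)}",  # only the hash is written, never the plaintext
        "loginShell: /sbin/nologin",
        f"uidNumber: {uid_number}",
        f"gidNumber: {gid_number}",
        f"homeDirectory: /home/{class_ou}/{uid}",
        f"gecos: {cn}",
    ]
    return "\n".join(lines) + "\n"
```

The output of student_ldif can be concatenated for a whole class and fed to slapadd -l exactly like s0990t.ldif.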
Import the LDAP data
# service slapd stop
# /usr/sbin/slapadd -l s0990t.ldif
# chown -R ldap:ldap /var/lib/ldap
# service slapd start
Search the LDAP database to confirm the entries were added
# ldapsearch -x -b "ou=Student,dc=ldap,dc=tces.ilc.edu.tw" uid=s0990999 | php /root/utf8ldif.php
# extended LDIF
#
# LDAPv3
# base <ou=Student,dc=ldap,dc=tces.ilc.edu.tw> with scope subtree
# filter: uid=s0990999
# requesting: ALL
#
# s0990999, s0990, Student, ldap.tces.ilc.edu.tw
dn: uid=s0990999,ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw
uid: s0990999
cn: 四忠02陳大水
sn: 四忠02陳大水
mail: s0990999@tces.ilc.edu.tw
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {SSHA}WqVy40LfOfoRV1KBwlJFPpfGNgnkIbtr
loginShell: /sbin/nologin
uidNumber: 500
gidNumber: 500
homeDirectory: /home/s0990/s0990999
gecos: 四忠02陳大水
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Create the virtual users' home directories
# vim mkuserdir.awk
# Create the user directory
{print "mkdir -p /home/"$6"/"$4 }
# Change the owner and group of the directory
{print "chown -R 500:500 /home/"$6"/"$4" " }
Test
# awk -f mkuserdir.awk 102_class41.lst
mkdir -p /home/s0990/s0990499
chown -R 500:500 /home/s0990/s0990499
mkdir -p /home/s0990/s0990999
chown -R 500:500 /home/s0990/s0990999
Usage
# awk -f mkuserdir.awk 102_class41.lst | sh
Test
# lftp -u s0990999 localhost
密碼:
lftp s0990999@localhost:~> ls -l
drwxr-xr-x 2 500 virtualgrp 4096 Jan 2 10:58 .
drwxr-xr-x 2 500 virtualgrp 4096 Jan 2 10:58 ..
lftp s0990999@localhost:/>
If SELinux is enabled on the system, remember to turn on the FTP home directory booleans
# setsebool -P ftp_home_dir 1
# setsebool -P allow_ftpd_full_access=1