Pure-FTPd FTP Server: authenticating users against an LDAP server

Enable the LDAP configuration in the Pure-FTPd FTP server settings
# vim /etc/pure-ftpd/pure-ftpd.conf
# LDAP configuration file (see README.LDAP)
LDAPConfigFile                /etc/pure-ftpd/pureftpd-ldap.conf

Edit the /etc/pure-ftpd/pureftpd-ldap.conf settings
# vim /etc/pure-ftpd/pureftpd-ldap.conf
# Optional : name of the LDAP server. Default : localhost
# LDAP server IP
LDAPServer 192.168.154.167

# Optional : server port. Default : 389
# LDAP server connection port
LDAPPort   389

# Mandatory : the base DN to search accounts from. No default.
LDAPBaseDN ou=Student,dc=ldap,dc=tces.ilc.edu.tw

# Optional : who we should bind the server as.
#            Default : binds anonymously or binds as FTP users
LDAPBindDN cn=Manager,dc=ldap,dc=tces.ilc.edu.tw

# Password if we don't bind anonymously
# This configuration file should be only readable by root
# LDAP administrator password
LDAPBindPW 123456
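The file above now holds LDAPBindPW in clear text, so before restarting it is worth checking that only root can read it and that the bind credentials actually work. The script below is an added example, not part of the original post: check_ldap_conf verifies the file mode and the presence of the mandatory LDAPBaseDN (and that LDAPBindPW is not set without LDAPBindDN), and bind_test tries a simple bind with the OpenLDAP ldapwhoami tool when it is installed, passing the password through a temporary file rather than on the command line. The function names are mine; it assumes a Linux system (GNU stat, with a BSD stat fallback) and a config file laid out as in this post, one "Keyword value" pair per line with values that contain no spaces.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity checks for
# pureftpd-ldap.conf before pure-ftpd is restarted. Function names are mine.
# Assumes GNU stat (Linux), with a BSD stat fallback, and a config file laid
# out as in this post: one "Keyword value" pair per line, values without spaces.

# check_ldap_conf FILE
#   Returns 0 when FILE is readable only by its owner (mode 600 or 400),
#   defines the mandatory LDAPBaseDN, and does not set LDAPBindPW without a
#   matching LDAPBindDN. Every problem found is printed, and 1 is returned.
check_ldap_conf() {
    conf="$1"
    status=0
    if [ ! -f "$conf" ]; then
        echo "missing: $conf"
        return 1
    fi
    # LDAPBindPW is stored in clear text, so only root should be able to read the file
    mode=$(stat -c %a "$conf" 2>/dev/null || stat -f %Lp "$conf")
    case "$mode" in
        600|400) ;;
        *) echo "$conf is mode $mode; it holds LDAPBindPW in clear text, chmod 600 it"
           status=1 ;;
    esac
    if ! grep -q '^LDAPBaseDN[[:space:]]' "$conf"; then
        echo "$conf: LDAPBaseDN is mandatory but missing"
        status=1
    fi
    if grep -q '^LDAPBindPW[[:space:]]' "$conf" && ! grep -q '^LDAPBindDN[[:space:]]' "$conf"; then
        echo "$conf: LDAPBindPW is set but LDAPBindDN is not"
        status=1
    fi
    return $status
}

# conf_value FILE KEYWORD
#   Prints the value of KEYWORD from FILE (second whitespace-separated token).
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# bind_test FILE
#   Tries a simple bind with the LDAPServer/LDAPPort/LDAPBindDN/LDAPBindPW
#   values from FILE using ldapwhoami (OpenLDAP client tools). The password
#   goes through a mode-600 temporary file (-y) rather than the command line,
#   so it does not show up in the process list.
bind_test() {
    conf="$1"
    if ! command -v ldapwhoami >/dev/null 2>&1; then
        echo "ldapwhoami not installed, skipping bind test"
        return 0
    fi
    server=$(conf_value "$conf" LDAPServer)
    port=$(conf_value "$conf" LDAPPort)
    binddn=$(conf_value "$conf" LDAPBindDN)
    pwfile=$(mktemp)   # mktemp creates the file with mode 600
    # ldapwhoami -y uses the whole file as the password, so strip the newline
    conf_value "$conf" LDAPBindPW | tr -d '\n' > "$pwfile"
    ldapwhoami -x -H "ldap://${server:-localhost}:${port:-389}" -D "$binddn" -y "$pwfile"
    rc=$?
    rm -f "$pwfile"
    return $rc
}

# Usage: sh check-ldap-conf.sh /etc/pure-ftpd/pureftpd-ldap.conf
if [ $# -ge 1 ]; then
    check_ldap_conf "$1" && bind_test "$1"
fi
```

Run it as root against /etc/pure-ftpd/pureftpd-ldap.conf; a successful bind prints the DN the server recognises you as (dn:cn=Manager,...), which confirms the LDAPBindDN and LDAPBindPW pair before pure-ftpd starts using them.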

Restart the Pure-FTPd FTP server
# service pure-ftpd restart
正在停止 pure-ftpd:                                       [  確定  ]
正在啟動 pure-ftpd:                                       [  確定  ]
The accounts used for testing are s0990499 and s0990999
# cat s0990t.ldif
dn: uid=s0990499,ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw
uid: s0990499
cn: 四忠01蔡中火
sn: 四忠01蔡中火
mail: s0990499@tces.ilc.edu.tw
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {SSHA}xecUVfAyOlao7udDzLccUvf4fHOonjzN
loginShell: /sbin/nologin
uidNumber: 500
gidNumber: 500
homeDirectory: /home/s0990/s0990499
gecos: 四忠01蔡中火

dn: uid=s0990999,ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw
uid: s0990999
cn: 四忠02陳大水
sn: 四忠02陳大水
mail: s0990999@tces.ilc.edu.tw
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {SSHA}WqVy40LfOfoRV1KBwlJFPpfGNgnkIbtr
loginShell: /sbin/nologin
uidNumber: 500
gidNumber: 500
homeDirectory: /home/s0990/s0990999
gecos: 四忠02陳大水

Import the LDAP data
# service slapd stop
# /usr/sbin/slapadd -l s0990t.ldif
# chown -R ldap:ldap /var/lib/ldap
# service slapd start

Search the LDAP database to confirm that the entries were added
# ldapsearch -x -b "ou=Student,dc=ldap,dc=tces.ilc.edu.tw" uid=s0990999 | php /root/utf8ldif.php

# extended LDIF
#
# LDAPv3
# base <ou=Student,dc=ldap,dc=tces.ilc.edu.tw> with scope subtree
# filter: uid=s0990999
# requesting: ALL
#

# s0990999, s0990, Student, ldap.tces.ilc.edu.tw
dn: uid=s0990999,ou=s0990,ou=Student,dc=ldap,dc=tces.ilc.edu.tw
uid: s0990999
cn: 四忠02陳大水
sn: 四忠02陳大水
mail: s0990999@tces.ilc.edu.tw
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
userPassword: {SSHA}WqVy40LfOfoRV1KBwlJFPpfGNgnkIbtr
loginShell: /sbin/nologin
uidNumber: 500
gidNumber: 500
homeDirectory: /home/s0990/s0990999
gecos: 四忠02陳大水

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Create the virtual users' home directories
# vim mkuserdir.awk
# Create the user's directory
{print "mkdir -p /home/"$6"/"$4 }
# Change the owner and group of the directory
{print "chown -R  500:500  /home/"$6"/"$4" " }

Test
# awk -f mkuserdir.awk 102_class41.lst
mkdir -p /home/s0990/s0990499
chown -R  500:500  /home/s0990/s0990499
mkdir -p /home/s0990/s0990999
chown -R  500:500  /home/s0990/s0990999

Usage
# awk -f mkuserdir.awk 102_class41.lst  | sh
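The awk script takes fields $4 and $6 from 102_class41.lst and pipes the result straight into sh, and it gives every directory the same fixed 500:500 owner. As an added example (mine, not from the original post), the script below derives the same mkdir/chown commands from the LDIF that was just imported, so the directories always match the homeDirectory, uidNumber and gidNumber that Pure-FTPd will read from LDAP. It also refuses any entry whose homeDirectory is not a plain /home/<class>/<uid> path ending in the entry's own uid, so a stray value such as one containing ".." or shell metacharacters never reaches sh. It assumes the LDIF layout shown above (one "attribute: value" per line, entries separated by blank lines); the function name is mine.

```shell
#!/bin/sh
# Added example, not part of the original post: build the mkdir/chown
# commands from the imported LDIF instead of from 102_class41.lst, so the
# directories match the homeDirectory, uidNumber and gidNumber values that
# Pure-FTPd will read from LDAP. Assumes the LDIF layout shown in this post
# (one "attribute: value" per line, entries separated by blank lines).

# print_home_cmds LDIF_FILE
#   Prints "mkdir -p HOME" and "chown -R UID:GID HOME" for every entry whose
#   homeDirectory is a plain /home/<class>/<uid> path whose last component is
#   the entry's own uid. Entries that are incomplete or have any other
#   homeDirectory (such as one containing "..") are reported on stderr and
#   skipped, so nothing unexpected ever reaches "| sh".
print_home_cmds() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    {
        uid = ""; home = ""; un = ""; gn = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, ": ")
            if (kv[1] == "uid") uid = kv[2]
            else if (kv[1] == "homeDirectory") home = kv[2]
            else if (kv[1] == "uidNumber") un = kv[2]
            else if (kv[1] == "gidNumber") gn = kv[2]
        }
        if (uid == "" || home == "" || un == "" || gn == "") {
            print "skip: incomplete entry (uid \"" uid "\")" > "/dev/stderr"
            next
        }
        # only letters, digits and underscores: no "..", spaces or shell metacharacters
        if (home !~ "^/home/[A-Za-z0-9_]+/[A-Za-z0-9_]+$") {
            print "skip: unexpected homeDirectory " home " for " uid > "/dev/stderr"
            next
        }
        n = split(home, part, "/")
        if (part[n] != uid) {
            print "skip: homeDirectory " home " does not end in uid " uid > "/dev/stderr"
            next
        }
        if (un !~ "^[0-9]+$" || gn !~ "^[0-9]+$") {
            print "skip: non-numeric uidNumber/gidNumber for " uid > "/dev/stderr"
            next
        }
        printf "mkdir -p %s\nchown -R %s:%s %s\n", home, un, gn, home
    }' "$1"
}

# Usage (same shape as the original awk script): print_home_cmds s0990t.ldif | sh
if [ $# -ge 1 ]; then
    print_home_cmds "$1"
fi
```

Run it first without "| sh" to review the commands, exactly as the post does with mkuserdir.awk; any skipped entries show up on stderr and should be fixed in LDAP before the directories are created.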

Test
# lftp -u s0990999 localhost
密碼:
lftp s0990999@localhost:~> ls -l
drwxr-xr-x    2 500        virtualgrp       4096 Jan  2 10:58 .
drwxr-xr-x    2 500        virtualgrp       4096 Jan  2 10:58 ..
lftp s0990999@localhost:/>

If the system is running SELinux, remember to enable home-directory access for the FTP daemon
# setsebool -P ftp_home_dir 1
# setsebool -P allow_ftpd_full_access=1