Pure-ftpd With LDAP and TLS
Install Pure-ftpd with LDAP support
#apt-get install pure-ftpd-ldap
Setup OpenLDAP
#mv /usr/share/doc/pure-ftpd-common/pureftpd.schema /etc/ldap/schema
#vi /etc/ldap/slapd.conf
include /etc/ldap/schema/pureftpd.schema
#/etc/init.d/slapd restart
Setup Security Account in LDAP
#ldapmodify -a -D "cn=admin,dc=HOME,dc=NET" -x -W
dn: cn=pureftpd,ou=DSA,dc=HOME,dc=NET
objectclass: organizationalRole
objectclass: top
objectclass: simpleSecurityObject
userPassword:
cn: pureftpd
#ldappasswd -x -h localhost -D "cn=admin,dc=HOME,dc=NET" -s <new-password> -W cn=pureftpd,ou=DSA,dc=HOME,dc=NET
Setup Pure-ftpd
#vi /etc/pure-ftpd/db/ldap.conf
LDAPServer
LDAPPort 389
LDAPBaseDN ou=Users,dc=HOME,dc=NET
LDAPBindDN cn=pureftpd,ou=DSA,dc=HOME,dc=NET
LDAPBindPw
LDAPVersion 3
# Sarge does not seem to support this
LDAPUseTLS True
Refer to pure-ftpd-wrapper manual
#echo "no" > /etc/pure-ftpd/conf/PAMAuthentication
#echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
#echo 6 > /etc/pure-ftpd/conf/MaxClientsNumber
#echo 3 > /etc/pure-ftpd/conf/MaxClientsPerIP
#echo "yes" > /etc/pure-ftpd/conf/DontResolve
#echo 95 > /etc/pure-ftpd/conf/MaxDiskUsage
#echo "yes" > /etc/pure-ftpd/conf/KeepAllFiles
#echo "177 077" > /etc/pure-ftpd/conf/Umask
#echo 2 > /etc/pure-ftpd/conf/TLS
#echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
Generate Certificate for Pure-ftpd
#openssl req -x509 -nodes -newkey rsa:4096 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
#/etc/init.d/pure-ftpd-ldap restart
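A quick check of the settings written so far, as an added example that is not part of the original page: the shell function audit_pureftpd (a hypothetical name) reads the wrapper files under /etc/pure-ftpd/conf, db/ldap.conf and the PEM file, and reports values that weaken the setup. It assumes pure-ftpd's "<files> <dirs>" order for Umask and that TLS values 2 and 3 both refuse cleartext logins.

```shell
# Added example (not from the original page): audit the files this guide writes.
# Usage: audit_pureftpd [BASE] [PEM]   prints findings, returns how many there are.
audit_pureftpd() {
    base=${1:-/etc/pure-ftpd}
    pem=${2:-/etc/ssl/private/pure-ftpd.pem}
    ldap=$base/db/ldap.conf
    n=0
    flag() { echo "FINDING: $*"; n=$((n + 1)); }
    # Content of a one-line wrapper file; empty when the file is missing.
    conf() { cat "$base/conf/$1" 2>/dev/null; }
    # Group and other permission bits as shown by ls, "------" when owner-only.
    go_bits() { ls -ld "$1" | cut -c5-10; }

    # Anything below 2 still accepts logins without TLS.
    case "$(conf TLS)" in
        2|3) ;;
        *) flag "TLS is '$(conf TLS)', cleartext logins are accepted" ;;
    esac
    [ "$(conf NoAnonymous)" = yes ] || flag "anonymous logins are enabled"

    # Umask holds "<files> <dirs>"; a dirs mask with the 0100 bit set creates
    # directories that their owner cannot enter.
    set -- $(conf Umask)
    case "$2" in
        ''|*[!0-7]*) flag "Umask is missing or not '<files> <dirs>' in octal" ;;
        *) [ $((0$2 & 0100)) -eq 0 ] ||
               flag "Umask dirs mask $2 strips the owner search bit" ;;
    esac

    # The PEM holds the private key and ldap.conf holds LDAPBindPw.
    for f in "$pem" "$ldap"; do
        [ -e "$f" ] || { flag "$f is missing"; continue; }
        [ "$(go_bits "$f")" = "------" ] ||
            flag "$f grants permissions to group or others"
    done
    grep -Eiq '^LDAPUseTLS[[:space:]]+True' "$ldap" 2>/dev/null ||
        flag "LDAPUseTLS is not enabled, the bind password is sent unencrypted"
    return "$n"
}
```

Run it as root with no arguments to check the paths used on this page; the exit status is the number of findings.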
Setup Users Accounts
Create virtual users.
#groupadd ftpgroup
#useradd ftpusers -c "Virtual FTP Users" -g ftpgroup -d /dev/null -s /bin/false
#mkdir /home/ftpusers
#chown ftpusers:ftpgroup /home/ftpusers
Initiate Pure-ftpd DB.
#pure-pw useradd user -u ftpusers -g ftpgroup -d /home/ftpusers/user -m
#pure-pw mkdb
Create anonymous users.
#useradd ftp -c "Anonymous FTP" -d /home/ftpusers/ftp -s /bin/false
#mkdir /home/ftpusers/ftp
#mkdir /home/ftpusers/ftp/incoming
#mkdir /home/ftpusers/ftp/pub
#chown ftpusers:ftpgroup /home/ftpusers/ftp
#chown ftp:ftpgroup /home/ftpusers/ftp/*
#chmod 0755 /home/ftpusers/ftp/incoming
#chmod 0555 /home/ftpusers/ftp/pub
Setup Pure-ftpd to Use PureDB for Authentication
#ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/65puredb