Hi all,
I installed Iredmail 0.9.6 with ldap backend, after that I install pure-ftpd. The problem is I can't connect from client.
This is my configs:
#ldap.conf
# slapd.conf
#pureftpd-ldap.conf
PROBLEM
I installed Iredmail 0.9.6 with ldap backend, after that I install pure-ftpd. The problem is I can't connect from client.
This is my configs:
Code:
#hosname -f
server1.example.com
Code:
BASE dc=example,dc=com
URI ldap://127.0.0.1:389
TLS_CACERT /etc/ssl/certs/iRedMail.crt
Code:
# Schemas.
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/corba.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
# Amavisd-new schema.
include /usr/local/etc/openldap/schema/amavisd-new.schema
# iRedMail schema.
include /usr/local/etc/openldap/schema/iredmail.schema
include /usr/local/etc/openldap/schema/pureftpd.schema
# Where the pid file is put. The init.d script will not stop the
# server if you change this.
pidfile /var/run/openldap/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/openldap/slapd.args
modulepath /usr/local/libexec/openldap
moduleload back_mdb
# Support password verification with SSHA512. Require OpenLDAP-2.4.32 or later.
moduleload pw-sha2
# The syncprov overlay
#moduleload syncprov.la
# TLS files.
TLSCACertificateFile /etc/ssl/certs/iRedMail.crt
TLSCertificateFile /etc/ssl/certs/iRedMail.crt
TLSCertificateKeyFile /etc/ssl/private/iRedMail.key
# Disallow bind as anonymous.
disallow bind_anon
# Uncomment below line to allow binding as anonymous.
#allow bind_anon_cred
# Specify LDAP protocol version.
require LDAPv3
#allow bind_v2
# Log level.
# -1: enable all debugging
# 0: no debugging
# 128: access control list processing
# 256: stats log connections/operations/results
loglevel 256
# Access Control
# Allow users to change their own passwords and mail forwarding addresses.
access to attrs="userPassword,mailForwardingAddress,storageBaseDirectory,homeDirectory,mailMessageStore"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users none
# Allow to read others public info.
access to attrs="cn,sn,gn,givenName,telephoneNumber"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users read
# Domain attrs.
access to attrs="objectclass,domainName,mtaTransport,enabledService,domainSenderBccAddress,domainRecipientBccAddress,domainBackupMX,domainMaxQuotaSize
by anonymous auth
by self read
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users read
access to attrs="domainAdmin,domainGlobalAdmin,domainSenderBccAddress,domainRecipientBccAddress"
by anonymous auth
by self read
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users none
# User attrs.
access to attrs="employeeNumber,mail,accountStatus,domainStatus,userSenderBccAddress,userRecipientBccAddress,mailQuota,backupMailAddress,shadowAddress
by anonymous auth
by self read
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by us
access to dn="cn=vmail,dc=example,dc=com"
by anonymous auth
by self write
by users none
access to dn="cn=vmailadmin,dc=example,dc=com"
by anonymous auth
by self write
by users none
#
# Allow users to access their own domain subtree.
# Allow domain admin to modify accounts under same domain.
#
access to dn.regex="domainName=([^,]+),o=domains,dc=example,dc=com$"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by dn.regex="mail=[^,]+@$1,o=domainAdmins,dc=example,dc=com$" write
by dn.regex="mail=[^,]+@$1,ou=Users,domainName=$1,o=domains,dc=example,dc=com$" read
by users none
#
# Grant correct privileges to vmail/vmailadmin.
#
access to dn.subtree="o=domains,dc=example,dc=com"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users none
access to dn.subtree="o=domainAdmins,dc=example,dc=com"
by anonymous auth
by self write
by dn.exact="cn=vmail,dc=example,dc=com" read
by dn.exact="cn=vmailadmin,dc=example,dc=com" write
by users none
#
# Set permission for "cn=*,dc=example,dc=com".
#
access to dn.regex="cn=[^,]+,dc=example,dc=com"
by anonymous auth
by self write
by users none
#
# Set default permission.
#
access to *
by anonymous auth
by self write
by users read
#######################################################################
# Databases
#######################################################################
database mdb
suffix dc=example,dc=com
directory /var/db/openldap-data/example.com
rootdn cn=Manager,dc=example,dc=com
#rootdn cn=vmail,dc=example,dc=com
rootpw {SSHA}m9aX0qGRJZKh4Vsp4/dV9lCgShtwrTZmVYt0XA==
# Specify the maximum number of entries to return from a search operation.
# Defaults to 500. Use `unlimited` to specify no limits.
siz
# Default indexes.
#
index objectclass,entryCSN,entryUUID eq
index uidNumber,gidNumber,uid,memberUid,loginShell eq,pres
index homeDirectory,mailMessageStore eq,pres
index ou,cn,mail,surname,givenname,telephoneNumber,displayName eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index shadowLastChange eq,pres
#
# Index for mail attrs.
#
# Domain object
index domainName,mtaTransport,accountStatus,enabledService,disabledService eq,pres,sub
index domainAliasName eq,pres,sub
index domainMaxUserNumber eq,pres
index domainAdmin,domainGlobalAdmin,domainBackupMX eq,pres,sub
index domainSenderBccAddress,domainRecipientBccAddress eq,pres,sub
# Group object
index accessPolicy,hasMember,listAllowedUser eq,pres,sub
# User object
index mailForwardingAddress,shadowAddress eq,pres,sub
index backupMailAddress,memberOfGroup eq,pres,sub
index userRecipientBccAddress,userSenderBccAddress eq,pres,sub
#Index fo
index FTPQuotaFiles,FTPQuotaMBytes eq,pres
index FTPUploadRatio,FTPDownloadRatio eq,pres
index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres
Code:
LDAPScheme ldap
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
LDAPBindPW 3718643a9df486241acceaeab5f8f9eb
LDAPDefaultUID 2000
LDAPDefaultGID 2000
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
LDAPHomeDir FTPHomeDir
LDAPVersion 3
LDAPAuthMethod PASSWORD
PROBLEM
Code:
root@client:~ # lftp localhost
lftp localhost:~> debug 4
lftp localhost:~> login user1@example.com
Password:
lftp user1@example.com@localhost:~> ls
---- Connecting to localhost (::1) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 18:03. Server port: 21.
<--- 220 You will be disconnected after 15 minutes of inactivity.
<--- 211-Extensions supported:
<--- EPRT
<--- IDLE
<--- MDTM
<--- SIZE
<--- MFMT
<--- REST STREAM
<--- MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<--- MLSD
<--- AUTH TLS
<--- PBSZ
<--- PROT
<--- UTF8
<--- ESTA
<--- PASV
<--- EPSV
<--- SPSV
<--- ESTP
<--- 211 End.
<--- 500 This security scheme is not implemented
<--- 200 OK, UTF-8 enabled
<--- 200 MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
<--- 331 User user1@example.com OK. Password required
`ls' at 0 [Sending commands...]
<--- 530 Login authentication failed
ls: Login failed: 530 Login authentication failed
<--- 530 You aren't logged in
lftp user1@example.com@localhost:~>
<--- 221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
<--- 221 Logout.
lftp user1@example.com@localhost:~>