Virtual Mail And FTP Hosting With iRedMail And Pure-FTPd On Debian Lenny

iRedMail is a shell script that lets you quickly deploy a full-featured mail solution in less than 2 minutes. Since version 0.5, it supports CentOS 5.x, Debian 5.x, Ubuntu 8.04 and Ubuntu 9.04 (both i386 and x86_64). iRedMail supports both OpenLDAP and MySQL as backends for storing virtual domains and users.

The OpenLDAP backend of iRedMail allows you to integrate all kinds of applications. This guide shows you how to integrate Pure-FTPd into the iRedMail LDAP backend on Debian Lenny. Passwords will be stored in LDAP, and users can change their password through webmail.

This tutorial is based on Debian 5.01, so I suggest you set up a minimal Debian 5.01 system, install iRedMail 0.51 and choose OpenLDAP as the backend, as shown in this tutorial, before you continue:

 

1 Install Pure-FTPd

Install pure-ftpd:

apt-get install pure-ftpd-ldap

 

2 Configure PureFTPd As A Standalone Server

Now we must configure PureFTPd as a standalone daemon (it is currently controlled by inetd). To do this, we open /etc/default/pure-ftpd-common and change the value of the parameter STANDALONE_OR_INETD to standalone:

vi /etc/default/pure-ftpd-common
#STANDALONE_OR_INETD=inetd
STANDALONE_OR_INETD=standalone    #change to standalone

Next, we modify /etc/inetd.conf and comment out the ftp line:

#ftp    stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper

Afterwards, we restart inetd and PureFTPd:

/etc/init.d/openbsd-inetd restart
/etc/init.d/pure-ftpd-ldap restart

 

3 Basic Settings In /etc/pure-ftpd/conf/

Create the file /etc/pure-ftpd/conf/ChrootEveryone which simply contains the string yes:

echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone

This will make PureFTPd chroot every virtual user in his home directory so he will not be able to browse directories and files outside his home directory.

Also create the file /etc/pure-ftpd/conf/CreateHomeDir which again simply contains the string yes:

echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir

This will make PureFTPd create a user's home directory when the user logs in and the home directory does not exist yet.

Finally create the file /etc/pure-ftpd/conf/DontResolve which again simply contains the string yes:

echo "yes" > /etc/pure-ftpd/conf/DontResolve

This will keep PureFTPd from looking up host names, which can significantly speed up connections and reduce bandwidth usage.

 

4 Find cn=vmail Password

The cn=vmail password was randomly generated during the iRedMail installation. You can find it in /etc/postfix/ldap_virtual_mailbox_domains.cf:

cat /etc/postfix/ldap_virtual_mailbox_domains.cf
bind_dn         = cn=vmail,dc=example,dc=com
bind_pw         = kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B #cn=vmail password

 

5 Configure LDAP Settings

vi /etc/pure-ftpd/db/ldap.conf
LDAPServer localhost
LDAPPort 389
LDAPBaseDN o=domains,dc=example,dc=com
LDAPBindDN cn=vmail,dc=example,dc=com
# cn=vmail password found in step 4
LDAPBindPW kZ6uB29mViWKWI9lOH3cGnF7z3Dw3B
# UID and GID of the 'vmail' user
LDAPDefaultUID 1000
LDAPDefaultGID 1000
LDAPFilter (&(objectClass=PureFTPdUser)(mail=\L)(FTPStatus=enabled))
# FTPHomeDir is a new attribute; it is added to the schema in step 6
LDAPHomeDir FTPHomeDir
LDAPVersion 3
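
One way to check the settings from steps 3 and 5 on a finished system, as an added example that is not part of the original tutorial: the function verifies that chroot is enabled, that the file holding LDAPBindPW is not accessible to group or others, and that the LDAPFilter still restricts logins to enabled PureFTPdUser entries. The function name audit_pureftpd and its two path arguments are assumptions.

```shell
#!/bin/sh
# Added example: audit the files written in steps 3 and 5.
# Prints one line per finding; returns 0 only when every check passes.
audit_pureftpd() {
    confdir=$1     # e.g. /etc/pure-ftpd/conf
    ldapconf=$2    # e.g. /etc/pure-ftpd/db/ldap.conf
    rc=0

    # Without ChrootEveryone=yes an FTP user can leave the home directory.
    flag=$(cat "$confdir/ChrootEveryone" 2>/dev/null | tr -d ' \t\r\n')
    if [ "$flag" != "yes" ]; then
        echo "FAIL: ChrootEveryone is not set to yes"; rc=1
    fi

    # ldap.conf stores LDAPBindPW in clear text, so group and others
    # must have no permission bits (columns 5-10 of the ls mode string).
    perms=$(ls -ld "$ldapconf" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $ldapconf is accessible to group/others"; rc=1
    fi

    # The filter must require both the PureFTPdUser class and
    # FTPStatus=enabled; otherwise every mail account is an FTP account.
    filter=$(grep -i '^[[:space:]]*LDAPFilter[[:space:]]' "$ldapconf" 2>/dev/null) || filter=""
    for clause in '(objectClass=PureFTPdUser)' '(FTPStatus=enabled)'; do
        case $filter in
            *"$clause"*) ;;
            *) echo "FAIL: LDAPFilter lacks $clause"; rc=1 ;;
        esac
    done
    return $rc
}
```

Run it as root with the two paths from this tutorial: audit_pureftpd /etc/pure-ftpd/conf /etc/pure-ftpd/db/ldap.conf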

 

6 Get Schema

You have two ways to get the pureftpd schema. You only need to choose one.

  • Download the schema that has been modified by iredmail.
  • Get the schema shipped within pure-ftpd-1.0.24 and modify it.

6.1 Download the schema that has been modified by iredmail:

wget http://iredmail.googlecode.com/svn/trunk/extra/pureftpd.schema -P /etc/ldap/schema/

6.2 Get the schema shipped within pure-ftpd-1.0.24:

cd /tmp/
wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.24.tar.bz2
tar xjf pure-ftpd-1.0.24.tar.bz2
cp pure-ftpd-1.0.24/pureftpd.schema /etc/ldap/schema/

Modify /etc/ldap/schema/pureftpd.schema:

We need to add one more attribute 'FTPHomeDir' before the objectclass definition, used to store the user's FTP directory.

vi /etc/ldap/schema/pureftpd.schema
attributetype ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid'
        DESC 'System uid (overrides gidNumber if present)'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
# Add new attributetype FTPHomeDir.
attributetype ( 1.3.6.1.4.1.6981.11.3.10 NAME 'FTPHomeDir' 
        DESC 'FTP directory'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
## New Pure-FTPd object type

# Append '$ FTPHomeDir' to the end of the MAY list below.
objectclass ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser'
        DESC 'PureFTPd user with optional quota, throttling and ratio'
        SUP top AUXILIARY
        MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $
              FTPDownloadRatio $ FTPUploadBandwidth $ FTPDownloadBandwidth $
              FTPuid $ FTPgid $ FTPHomeDir ) )

 

7 Modify /etc/ldap/slapd.conf

vi /etc/ldap/slapd.conf

Include pureftpd.schema after iredmail.schema:

include /etc/ldap/schema/iredmail.schema
# Add the following line:
include /etc/ldap/schema/pureftpd.schema

Add index for attributes defined in pureftpd.schema:

# Default index.
#
index objectClass                                   eq,pres
index ou,cn,mail,surname,givenname,telephoneNumber  eq,pres,sub
index uidNumber,gidNumber,loginShell                eq,pres
index uid,memberUid                                 eq,pres,sub
index nisMapName,nisMapEntry                        eq,pres,sub
# <-- Add the below
#Index for FTP attrs.
index FTPQuotaFiles,FTPQuotaMBytes eq,pres
index FTPUploadRatio,FTPDownloadRatio eq,pres
index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres

 

8 Create FTP Home Dir

All FTP data is stored in the /home/ftp/ directory. Create /home/ftp/; its owner must be the root user.

mkdir /home/ftp/
ls -dl /home/ftp
drwxr-xr-x 2 root root 4096 Oct 3 16:53 /home/ftp

 

9 Restart OpenLDAP Service To Make pureftpd.schema Work

/etc/init.d/slapd restart
/etc/init.d/pure-ftpd-ldap restart

Make sure pure-ftpd is running:

# netstat -ntlp | grep pure-ftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 12548/pure-ftpd (SE
tcp6 0 0 :::21 :::* LISTEN 12548/pure-ftpd (SE
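
The steps above load the schema but do not show an account entry. As an added example (not part of the original tutorial or of iRedMail), the function below builds the LDIF that enables FTP for one existing mail user and refuses home directories outside /home/ftp, because FTP sessions default to the vmail UID from step 5. The DN layout (mail=...,ou=Users,domainName=...), the function name ftp_user_ldif and the sample address are assumptions; check the DN against your own directory with ldapsearch before applying.

```shell
#!/bin/sh
# Added example: build the LDIF that enables FTP for one existing mail user.
# BASE_DN matches LDAPBaseDN from step 5; the ou=Users/domainName= layout
# below it is an assumption about the iRedMail tree.
BASE_DN="o=domains,dc=example,dc=com"
FTP_ROOT="/home/ftp"

ftp_user_ldif() {
    mail=$1
    home=$2
    # Allow only plain local@domain characters so the value cannot alter
    # the DN (',' '=' '+') or the LDIF structure (space, newline, ':').
    case $mail in
        *[!A-Za-z0-9._@-]*|*@*@*) echo "refused mail: $mail" >&2; return 1 ;;
        ?*@?*) ;;
        *) echo "refused mail: $mail" >&2; return 1 ;;
    esac
    # Sessions default to the vmail UID/GID (LDAPDefaultUID/GID in step 5),
    # so the home directory must stay below FTP_ROOT and contain no '..'.
    case $home in
        *..*|*[!A-Za-z0-9._/@-]*) echo "refused home: $home" >&2; return 1 ;;
        "$FTP_ROOT"/?*) ;;
        *) echo "refused home: $home" >&2; return 1 ;;
    esac
    cat <<EOF
dn: mail=$mail,ou=Users,domainName=${mail#*@},$BASE_DN
changetype: modify
add: objectClass
objectClass: PureFTPdUser
-
add: FTPStatus
FTPStatus: enabled
-
add: FTPHomeDir
FTPHomeDir: $home
EOF
}

# Usage (constructed address; bind with a DN that has write access):
#   ftp_user_ldif alice@example.com /home/ftp/example.com/alice \
#       | ldapmodify -x -D '<admin DN>' -W
# Then confirm the entry matches the LDAPFilter from step 5:
#   ldapsearch -x -D cn=vmail,dc=example,dc=com -W -b "$BASE_DN" \
#       '(&(objectClass=PureFTPdUser)(mail=alice@example.com)(FTPStatus=enabled))' FTPHomeDir
```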