LDAP模块

OpenLDAP 使用 Berkeley DB (一个层次型数据库，注意：与RDBMS不同) 存储数据

7.1 配置OpenLDAP

[root@linux root]vi /etc/openldap/slapd.conf

include /etc/openldap/schema/pureftpd.schema

suffix "dc=gdfz,dc=com"

rootdn "cn=Manager,dc=gdfz,dc=com"

rootpw {crypt}sa0hRW/W3DLvQ

[root@linux root]service ldap restart

7.2 rootdn的结构

rootdn:dc=gdfz,dc=com

|-----cn=one, dc=gdfz,dc=com

| |--- objectClass: posixAccount

| |---cn: joe

| |---uid: joe

| |---uidNumber: 500

| |---gidNumber: 500

| |---homeDirectory: /home/joe

| |---userPassword: {crypt}saO3qRXM8wjUE

|---- cn=xxx-1, dc=gdfz,dc=com

| |--- …………………………

| |--- …………………………

|---- cn=xxx-n, dc=gdfz,dc=com

|---- ou=two, dc=gdfz,dc=com

| |---- cn=one,ou=two, dc=gdfz,dc=com

| | |--- objectClass: posixAccount

| | |---cn: joe

| | |---uid: joe

| | |---uidNumber: 500

| | |---gidNumber: 500

| | |---homeDirectory: /home/joe

| | |---userPassword: {crypt}saO3qRXM8wjUE

| |---- cn=two,ou=two, dc=gdfz,dc=com

| | |--- …………………………

| | |--- …………………………

| |---- cn=there,ou=two, dc=gdfz,dc=com

|---- ou=other, dc=gdfz,dc=com

|---- cn=one,ou=other, dc=gdfz,dc=com

|---- cn=two,ou=other, dc=gdfz,dc=com

7.3 创建dn

[root@linux root]# cat base-dn.ldif

dn: dc=gdfz,dc=com

objectClass: person

cn: gdfz

sn: gdfz

ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f base-dn.ldif

[root@linux etc]# cat pureftpd.ldif

dn: cn=joe,dc=gdfz,dc=com

objectClass: posixAccount

cn: joe

uid: joe

uidNumber: 500

gidNumber: 500

homeDirectory: /home/joe

userPassword: {crypt}saO3qRXM8wjUE

[root@linux root]#ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f pureftpd.ldif

[root@linux root]# cat pureftpd.ldif

dn: uid=chen,dc=gdfz,dc=com

objectClass: posixAccount

cn: chen

uid:chen

uidnumber:501

gidNumber:501

homeDirectory: /home/chen

userPassword: {crypt}$1$chen$y13/Ao8O3O/9jhSSCPFZg0

objectClass: PureFTPdUser

FTPStatus: enabled

FTPQuotaFiles: 50

FTPQuotaMBytes: 10

FTPDownloadBandwidth: 50

FTPUploadBandwidth: 50

FTPDownloadRatio: 5

FTPUploadRatio: 1

[root@linux root]# ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f pureftpd.ldif

7.4 pureftpd-ldap.conf

LDAPServer localhost

# Optional : server port. Default : 389

LDAPPort 389

# Mandatory : the base DN to search accounts from. No default.

LDAPBaseDN dc=gdfz,dc=com

# Optional : who we should bind the server as.

# Default : binds anonymously

LDAPBindDN cn=Manager,dc=gdfz,dc=com

# Password if we don't bind anonymously

# This configuration file should be only readable by root

LDAPBindPW chen

7.5 测试pureftpd

启动pureftpd

[root@linux root]# /usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf

测试pureftpd

[root@linux root]ncftp ftp://chen:passwd@localhost:21