OpenLDAP 使用 Berkeley DB (一个层次型数据库,注意:与RDBMS不同) 存储数据
7.1 配置OpenLDAP
[root@linux root]# vi /etc/openldap/slapd.conf
# Load the pure-ftpd schema; presumably this is what defines the PureFTPdUser
# object class and the FTP* attributes used in the account entries further down.
include /etc/openldap/schema/pureftpd.schema
# Base DN of the directory tree served by this database.
suffix "dc=gdfz,dc=com"
# The rootdn bypasses slapd access controls, so whoever knows its password
# can read and rewrite every entry, including all userPassword values.
rootdn "cn=Manager,dc=gdfz,dc=com"
# Sample hash only: generate your own rather than copying this published value.
# A 13-character {crypt} value without a $id$ prefix is the traditional DES
# crypt format, which uses only the first 8 characters of the password.
# A salted scheme such as the one produced by `slappasswd -h {SSHA}` is a
# stronger choice. Keep slapd.conf readable only by root and the slapd user.
rootpw {crypt}sa0hRW/W3DLvQ
[root@linux root]# service ldap restart
7.2 rootdn的结构
rootdn:dc=gdfz,dc=com
|-----cn=one, dc=gdfz,dc=com
| |--- objectClass: posixAccount
| |---cn: joe
| |---uid: joe
| |---uidNumber: 500
| |---gidNumber: 500
| |---homeDirectory: /home/joe
| |---userPassword: {crypt}saO3qRXM8wjUE
|---- cn=xxx-1, dc=gdfz,dc=com
| |--- …………………………
| |--- …………………………
|---- cn=xxx-n, dc=gdfz,dc=com
|---- ou=two, dc=gdfz,dc=com
| |---- cn=one,ou=two, dc=gdfz,dc=com
| | |--- objectClass: posixAccount
| | |---cn: joe
| | |---uid: joe
| | |---uidNumber: 500
| | |---gidNumber: 500
| | |---homeDirectory: /home/joe
| | |---userPassword: {crypt}saO3qRXM8wjUE
| |---- cn=two,ou=two, dc=gdfz,dc=com
| | |--- …………………………
| | |--- …………………………
| |---- cn=there,ou=two, dc=gdfz,dc=com
|---- ou=other, dc=gdfz,dc=com
|---- cn=one,ou=other, dc=gdfz,dc=com
|---- cn=two,ou=other, dc=gdfz,dc=com
7.3 创建dn
[root@linux root]# cat base-dn.ldif
# Root entry of the tree; its DN is the suffix configured in slapd.conf.
# NOTE(review): the RDN attribute is dc, but objectClass person does not carry
# a dc attribute; a suffix entry is usually built from dcObject plus
# organization. Confirm that slapd accepts this entry with schema checking on.
dn: dc=gdfz,dc=com
objectClass: person
cn: gdfz
sn: gdfz
# Load the base entry, binding as the rootdn with simple authentication (-x).
# -w puts the rootdn password in the argument list, where it lands in shell
# history and is visible to other local users through the process list;
# -W makes ldapadd prompt for it instead. The same applies to the other
# ldapadd commands on this page.
ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f base-dn.ldif
[root@linux etc]# cat pureftpd.ldif
# Account entry for user joe, placed directly under the suffix.
dn: cn=joe,dc=gdfz,dc=com
objectClass: posixAccount
cn: joe
uid: joe
# Numeric UID/GID for the account. Keep them above the range used by
# system accounts and never 0.
uidNumber: 500
gidNumber: 500
homeDirectory: /home/joe
# Sample hash only: do not reuse it for a real account. A 13-character
# {crypt} value without a $id$ prefix is the traditional DES crypt format,
# which uses only the first 8 characters of the password.
userPassword: {crypt}saO3qRXM8wjUE
[root@linux root]# ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f pureftpd.ldif
[root@linux root]# cat pureftpd.ldif
# Account entry for user chen, carrying both the POSIX account attributes and
# the PureFTPdUser attributes.
dn: uid=chen,dc=gdfz,dc=com
objectClass: posixAccount
cn: chen
uid:chen
# Numeric UID/GID for the account. Keep them above the range used by
# system accounts and never 0.
uidnumber:501
gidNumber:501
homeDirectory: /home/chen
# Sample hash only: do not reuse it. The $1$ prefix marks MD5-crypt, and the
# salt field here is "chen", the same string as the uid, so the salt is
# predictable. Use a random salt, and a stronger scheme (for example $6$
# SHA-512 crypt) where the crypt(3) on the host supports it.
userPassword: {crypt}$1$chen$y13/Ao8O3O/9jhSSCPFZg0
# Auxiliary class that allows the per-user FTP* attributes below.
objectClass: PureFTPdUser
# Account switch read by pure-ftpd.
FTPStatus: enabled
# Quota: file count and total size in megabytes, going by the attribute names.
FTPQuotaFiles: 50
FTPQuotaMBytes: 10
# Bandwidth limits; the unit is not stated on this page (presumably KB/s,
# confirm against pureftpd.schema).
FTPDownloadBandwidth: 50
FTPUploadBandwidth: 50
# Download/upload ratio of 5:1.
FTPDownloadRatio: 5
FTPUploadRatio: 1
[root@linux root]# ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f pureftpd.ldif
7.4 pureftpd-ldap.conf
# Directory server that pure-ftpd queries. With localhost the bind password
# and the userPassword values it reads stay on the loopback interface. On
# port 389 they are sent unencrypted, so protect the connection with TLS if
# the directory is ever moved to another host.
LDAPServer localhost
# Optional : server port. Default : 389
LDAPPort 389
# Mandatory : the base DN to search accounts from. No default.
LDAPBaseDN dc=gdfz,dc=com
# Optional : who we should bind the server as.
# Default : binds anonymously
# NOTE(review): this is the rootdn from slapd.conf, which has unrestricted
# write access to the whole directory. pure-ftpd only needs to read account
# entries, so a dedicated bind DN with read-only access to them is the
# least-privilege choice.
LDAPBindDN cn=Manager,dc=gdfz,dc=com
# Password if we don't bind anonymously
# This configuration file should be only readable by root
# The password is stored in cleartext and "chen" is a sample value: use a
# long random password and restrict the file (owner root, mode 600).
LDAPBindPW chen
7.5 测试pureftpd
启动pureftpd
[root@linux root]# /usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
测试pureftpd
[root@linux root]# ncftp ftp://chen:passwd@localhost:21