Differenze

Queste sono le differenze tra la revisione selezionata e la versione attuale della pagina.

--- documentazione_3di_riservata:manuali_sysadmin:config_pureftp_attribute [2019/01/30 11:58] – epapakroni
+++ documentazione_3di_riservata:manuali_sysadmin:config_pureftp_attribute [Data sconosciuta] (versione attuale) – eliminata - modifica esterna (Data sconosciuta) 127.0.0.1
@@ Linea 1: / Linea 1: @@
-====== Importare schema LDAP ======
-In questo esempio si userà l'importo del schema di Pure FTP.
-a) Creare il file pureftpd.schema con il seguente contenuto:
-<code xml>#
-# pureftpd.schema
-#
-# Pure-FTPd User LDAP Schema
-# See README.LDAP in the Pure-FTPd documentation for more information.
-#
-# Written by Ben Gertzfield <che =AT= debian -DOT- org>
-#
-## Pure-FTPd-related LDAP attributes
-attributetype ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles'
-        DESC 'Quota (in number of files) for an FTP user'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.6981.11.3.2 NAME 'FTPQuotaMBytes'
-        DESC 'Quota (in megabytes) for an FTP user'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.6981.11.3.3 NAME 'FTPUploadRatio'
-        DESC 'Ratio (compared with FTPRatioDown) for uploaded files'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.6981.11.3.4 NAME 'FTPDownloadRatio'
-        DESC 'Ratio (compared with FTPRatioUp) for downloaded files'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.6981.11.3.5 NAME 'FTPUploadBandwidth'
-        DESC 'Bandwidth (in KB/s) to limit upload speeds to'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.6981.11.3.6 NAME 'FTPDownloadBandwidth'
-        DESC 'Bandwidth (in KB/s) to limit download speeds to'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus'
-        DESC 'Account status: enabled or disabled'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid'
-        DESC 'System uid (overrides uidNumber if present)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid'
-        DESC 'System uid (overrides gidNumber if present)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetype ( 1.3.6.1.4.1.6981.11.3.10 NAME 'FTPHomeDir'
-        DESC 'FTP directory'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-## New Pure-FTPd object type
-objectclass ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser'
-        DESC 'PureFTPd user with optional quota, throttling and ratio'
-        SUP top AUXILIARY
-        MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $
-              FTPDownloadRatio $ FTPUploadBandwidth $ FTPDownloadBandwidth $
-              FTPuid $ FTPgid $ FTPHomeDir ) )</code>
-b) Copiare il file nelle seguenti cartelle:
-  * /etc/ldap/schema/
-  * /usr/share/univention-ldap/schema/
-  * /var/lib/univention-ldap/local-schema/
-c) Aggiungere in /etc/ldap/slapd.conf :
-<code xml># Indexes for Pure-FTPd LDAP attributes.
-index FTPQuotaFiles,FTPQuotaMBytes eq,pres
-index FTPUploadRatio,FTPDownloadRatio eq,pres
-index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
-index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres</code>
-d) Eseguire i seguenti cli:
-  * ''/usr/sbin/univention-config-registry commit /etc/ldap/slapd.conf''
-  * ''/etc/init.d/slapd crestart''
-====== Creare gli attributi ======
-Creare gli attributi secondo lo schema. Cioè. objectClass è PureFTPdUser e gli attributi con le loro caratteristiche sono:
-  * FTPHomeDir  con valore string /var/ftp
-  * FTPgid con valore integer 1000
-  * FTPuid con valore integer 1000
-  * FTPStatus con valore string enabled/disabled
-Usare il web per creare gli attributi. Andare su LDAP directory. Scegliere dal albero univention-custom attributes. Clicare su **add**. Andate su **Setting: Extended Attribute**. Compilare con il nome del attributo le seguenti:
-  *  Unique name *
-  * UDM CLI name
-  * Short description *
-a) In Module scegliete User.
-b) In LDAP Mapping 'LDAP object class *' è PureFTPdUser e gli attributi secondo lista FTPHomeDir o FTPgid o FTPStatus oppure FTPuid. Clicare 'Remove object class if the attribute is removed'.
-Per ogni attributo si fa lo stesso procedimento.
-c) In UMC inserisci 'Tab name' come il nome del attributo se si desidera.
-d) In 'Data Type' scegli 'Edit after Creation'. Mettere i valori default come sopra indicato.Esempio.Per FTPuid e FTPgid inserire 1000.
-Il valore FTPStatus si puo cambiare nel utente. Se si mette il valore 'disabled', l'utente non puo accedere con FTP.
-====== Config Pure FTP ======
-Questa è la config giusta per l'ambiente 3D.
-<code xml>#############################################
-#                                           #
-# Sample Pure-FTPd LDAP configuration file. #
-# See README.LDAP for explanations.         #
-#                                           #
-#############################################
-# Optional: scheme to connect with to LDAP server. Default: ldap
-# Other possible values: ldaps, ldapi, etc.
-# Remember to set LDAPPort accordingly.
-LDAPScheme ldap
-#VerboseLog yes
-# Optional: name of the LDAP server. Default: localhost
-LDAPServer 10.17.61.254
-#LDAPServer 93.149.47.162
-# Optional: server port. Default: 389
-LDAPPort 7389
-# Mandatory: the base DN to search accounts from. No default.
-LDAPBaseDN dc=3di,dc=it
-# Optional: who we should bind the server as.
-# Default: binds anonymously or binds as 'ftp' user
-LDAPBindDN uid=Manager,dc=3di,dc=it
-# Password if we don't bind anonymously
-# This configuration file should be only readable by root
-LDAPBindPW XcQ91YT3Tk5ToR2i
-# Optional: default UID, when there's no entry in a user object
-LDAPDefaultUID 1000
-# Optional: default GID, when there's no entry in a user object
-LDAPDefaultGID 1000
-# Filter to use to find the object that contains user info
-# \L is replaced by the login the user is trying to log in as
-# The default filter is (&(objectClass=posixAccount)(uid=\L))
-#LDAPFilter (&(uid=%v)(objectclass=posixAccount))
-LDAPFilter (&(objectClass=PureFTPdUser)(uid=\L))
-#LDAPFilter cn=ftpuser,cn=groups,dc=3di,dc=it
-# Attribute to get the home directory
-# Default is homeDirectory (the standard attribute from posixAccount)
-LDAPHomeDir FTPHomeDir
-# LDAP protocol version to use
-# Version 3 (default) is mandatory with recent releases of OpenLDAP.
-# LDAPVersion 3
-# Optional: use TLS to connect to the LDAP server
-# Note: if ldaps scheme is used, this property has no effect
-# LDAPUseTLS  True
-# Can be PASSWORD or BIND.
-# PASSWORD retrieves objects and checks against the userPassword attribute
-# BIND tries to bind
-LDAPAuthMethod PASSWORD
-# Optional: default home directory if there's LDAPHomeDir entry
-# LDAPDefaultHomeDirectory /var/shared</CODE>