
This is an old revision of the document!


Importing an LDAP schema

This example imports the Pure-FTPd schema.

a) Create the file pureftpd.schema with the following content:

#
# pureftpd.schema
#
# Pure-FTPd User LDAP Schema
# See README.LDAP in the Pure-FTPd documentation for more information.
#
# Written by Ben Gertzfield <che =AT= debian -DOT- org>
#
 
## Pure-FTPd-related LDAP attributes
 
attributetype ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles'
        DESC 'Quota (in number of files) for an FTP user'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
attributetype ( 1.3.6.1.4.1.6981.11.3.2 NAME 'FTPQuotaMBytes'
        DESC 'Quota (in megabytes) for an FTP user'
        EQUALITY integerMatch        
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
attributetype ( 1.3.6.1.4.1.6981.11.3.3 NAME 'FTPUploadRatio'
        DESC 'Ratio (compared with FTPRatioDown) for uploaded files'
        EQUALITY integerMatch        
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
attributetype ( 1.3.6.1.4.1.6981.11.3.4 NAME 'FTPDownloadRatio'
        DESC 'Ratio (compared with FTPRatioUp) for downloaded files'
        EQUALITY integerMatch        
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
attributetype ( 1.3.6.1.4.1.6981.11.3.5 NAME 'FTPUploadBandwidth'
        DESC 'Bandwidth (in KB/s) to limit upload speeds to'
        EQUALITY integerMatch        
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
attributetype ( 1.3.6.1.4.1.6981.11.3.6 NAME 'FTPDownloadBandwidth'
        DESC 'Bandwidth (in KB/s) to limit download speeds to'
        EQUALITY integerMatch        
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
attributetype ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus'
        DESC 'Account status: enabled or disabled'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
 
attributetype ( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid'
        DESC 'System uid (overrides uidNumber if present)'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
attributetype ( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid'
        DESC 'System uid (overrides gidNumber if present)'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
attributetype ( 1.3.6.1.4.1.6981.11.3.10 NAME 'FTPHomeDir'
        DESC 'FTP directory'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
 
## New Pure-FTPd object type
 
objectclass ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser'
        DESC 'PureFTPd user with optional quota, throttling and ratio'
        SUP top AUXILIARY
        MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ 
              FTPDownloadRatio $ FTPUploadBandwidth $ FTPDownloadBandwidth $
              FTPuid $ FTPgid $ FTPHomeDir ) )

b) Copy the file into the following directories:

  • /etc/ldap/schema/
  • /usr/share/univention-ldap/schema/
  • /var/lib/univention-ldap/local-schema/

c) Add the following to /etc/ldap/slapd.conf:

# Indexes for Pure-FTPd LDAP attributes.
index FTPQuotaFiles,FTPQuotaMBytes eq,pres
index FTPUploadRatio,FTPDownloadRatio eq,pres
index FTPUploadBandwidth,FTPDownloadBandwidth eq,pres
index FTPStatus,FTPuid,FTPgid,FTPHomeDir eq,pres

d) Run the following commands:

  • /usr/sbin/univention-config-registry commit /etc/ldap/slapd.conf
  • /etc/init.d/slapd crestart
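
A consistency check that can be run on pureftpd.schema before it is copied and slapd is restarted, added here as an example (it is not part of the original page or of Pure-FTPd). It assumes, as is the case for this schema, that the object class only uses attributes defined in the same file; attributes borrowed from other schemas would be reported as undefined. The names `definitions` and `lint_schema` are hypothetical and the sample input is constructed.

```python
import re

# Constructed sample: a cut-down pureftpd.schema with two deliberate faults:
# FTPuid reuses FTPStatus's OID, and the FTPHomeDir definition is missing.
SAMPLE = """
attributetype ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPuid'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser'
        DESC 'PureFTPd user with optional quota, throttling and ratio'
        SUP top AUXILIARY
        MAY ( FTPStatus $ FTPuid $ FTPHomeDir ) )
"""

DEF = re.compile(r"(attributetype|objectclass)\s*\(\s*([\d.]+)\s+NAME\s+'([^']+)'", re.I)
ATTRS = re.compile(r"\b(?:MAY|MUST)\s+(?:\(([^)]*)\)|(\S+))", re.I)

def definitions(text):
    """Return (kind, oid, name, body) per definition, comment lines skipped."""
    kept = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    blocks = re.split(r"(?im)^(?=attributetype\b|objectclass\b)", kept)
    found = [(DEF.match(b), b) for b in blocks]
    return [(m.group(1).lower(), m.group(2), m.group(3), b) for m, b in found if m]

def lint_schema(text):
    """Return problems: reused OIDs, and MAY/MUST attributes not defined here."""
    defs, problems, oids = definitions(text), [], {}
    attrs = {name.lower() for kind, _, name, _ in defs if kind == "attributetype"}
    for _, oid, name, _ in defs:
        if oid in oids:
            problems.append(f"OID {oid} used by both {oids[oid]} and {name}")
        oids.setdefault(oid, name)
    for kind, _, name, body in defs:
        if kind != "objectclass":
            continue
        unquoted = re.sub(r"'[^']*'", "", body)  # DESC text may contain MAY/MUST
        for group, single in ATTRS.findall(unquoted):
            for attr in (group or single).split("$"):
                if attr.strip().lower() not in attrs:
                    problems.append(f"{name} references undefined attribute {attr.strip()}")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_schema(SAMPLE)) or "schema is self-consistent")
```

An empty result means every OID is unique and every attribute listed in the object class has a definition in the file.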

Creating the attributes

Create the attributes according to the schema: the objectClass is PureFTPdUser, and the attributes with their properties are:

  • FTPHomeDir with string value /var/ftp
  • FTPgid with integer value 1000
  • FTPuid with integer value 1000
  • FTPStatus with string value enabled/disabled

Use the web interface to create the attributes. Go to LDAP directory. In the tree, select univention-custom attributes. Click add. Go to Setting: Extended Attribute. Fill in the following fields with the attribute name:

  • Unique name *
  • UDM CLI name
  • Short description *

a) Under Module, choose User.

b) Under LDAP Mapping, 'LDAP object class *' is PureFTPdUser and the attribute is one from the list: FTPHomeDir, FTPgid, FTPStatus or FTPuid. Tick 'Remove object class if the attribute is removed'. Repeat the same procedure for each attribute.

c) Under UMC, enter the attribute name as 'Tab name' if desired.

d) Under 'Data Type', choose 'Edit after Creation'. Set the default values as indicated above. For example, enter 1000 for FTPuid and FTPgid.

The FTPStatus value can be changed on the user. If it is set to 'disabled', the user cannot log in via FTP.

Pure-FTPd configuration

This is the correct configuration for the 3D environment, in /etc/pure-ftpd/db/ldap.conf:

#############################################
#                                           #
# Sample Pure-FTPd LDAP configuration file. #
# See README.LDAP for explanations.         #
#                                           #
#############################################
 
 
# Optional: scheme to connect with to LDAP server. Default: ldap
# Other possible values: ldaps, ldapi, etc.
# Remember to set LDAPPort accordingly.
 
LDAPScheme ldap
#VerboseLog yes
 
# Optional: name of the LDAP server. Default: localhost
 
LDAPServer 10.17.61.254
 
 
# Optional: server port. Default: 389
 
LDAPPort 7389
 
 
# Mandatory: the base DN to search accounts from. No default.
 
LDAPBaseDN cn=users,dc=3di,dc=it
 
 
# Optional: who we should bind the server as.
# Default: binds anonymously or binds as 'ftp' user
 
LDAPBindDN uid=Manager,dc=3di,dc=it 
 
 
# Password if we don't bind anonymously
# This configuration file should be only readable by root
 
LDAPBindPW XcQ91YT3Tk5ToR2i
 
# Optional: default UID, when there's no entry in a user object
 
LDAPDefaultUID 1000
 
 
# Optional: default GID, when there's no entry in a user object
 
LDAPDefaultGID 1000
 
 
# Filter to use to find the object that contains user info
# \L is replaced by the login the user is trying to log in as
# The default filter is (&(objectClass=posixAccount)(uid=\L))
 
 
LDAPFilter (&(objectClass=PureFTPdUser)(uid=\L))
 
 
# Attribute to get the home directory
# Default is homeDirectory (the standard attribute from posixAccount)
 
LDAPHomeDir FTPHomeDir 
 
 
# LDAP protocol version to use
# Version 3 (default) is mandatory with recent releases of OpenLDAP.
 
# LDAPVersion 3
 
 
# Optional: use TLS to connect to the LDAP server
# Note: if ldaps scheme is used, this property has no effect
# LDAPUseTLS  True
 
 
# Can be PASSWORD or BIND.
# PASSWORD retrieves objects and checks against the userPassword attribute
# BIND tries to bind
 
LDAPAuthMethod PASSWORD
 
 
# Optional: default home directory if there's LDAPHomeDir entry
 
# LDAPDefaultHomeDirectory /var/shared
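
A check of the security-relevant directives in this file, added here as an example (it is not part of the original page or of Pure-FTPd). It covers the three points the file's own comments raise: the connection scheme and LDAPUseTLS, the PASSWORD versus BIND method, and who can read the file. The names `parse` and `audit` are hypothetical, and the sample uses a documentation-range address and a placeholder password.

```python
import stat

# Constructed sample mirroring the directives used above; the address is from
# the documentation range and the password is a placeholder.
SAMPLE = """\
LDAPScheme ldap
LDAPServer 192.0.2.10
LDAPPort 7389
LDAPBindDN uid=Manager,dc=example,dc=org
LDAPBindPW EXAMPLE-ONLY
# LDAPUseTLS  True
LDAPAuthMethod PASSWORD
"""

def parse(text):
    """Return {directive_lowercase: value}, skipping comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = (line.split(None, 1) + [""])[:2]
            conf[key.lower()] = value.strip()
    return conf

def audit(text, mode=0o600):
    """Return findings for an ldap.conf body and the file's permission bits."""
    conf, findings = parse(text), []
    scheme = conf.get("ldapscheme", "ldap").lower()
    tls = conf.get("ldapusetls", "").lower() == "true"
    local = conf.get("ldapserver", "localhost") in ("localhost", "127.0.0.1", "::1")
    if scheme == "ldap" and not tls and not local:
        findings.append("cleartext: ldap scheme to a remote server without LDAPUseTLS")
    if conf.get("ldapauthmethod", "").upper() == "PASSWORD":
        findings.append("PASSWORD method: bind DN must be able to read userPassword")
    if "ldapbindpw" in conf and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} exposes LDAPBindPW to non-root users")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, mode=0o644):
        print(finding)
```

On a live host, pass the file's contents and `stat.S_IMODE(os.stat(path).st_mode)` as the two arguments.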
/data/attic/documentazione_3di_riservata/manuali_sysadmin/config_pureftp_attribute.1565940658.txt.gz · Last modified: 2019/08/16 09:30 by epapakroni