
ProFTPD + MySQL/OpenLDAP User Authentication

I. Preparation

Download ProFTPD: ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.7.tar.gz

Download mod_sql: http://www.lastditcheffort.org/~aah/proftpd/mod_sql/

Download mod_ldap-2.8.10: http://www.horde.net/~jwm/software/mod_ldap/

ProFTPD 1.2.7 is a 2002 release. The overall procedure is the same for later releases, but on any host reachable from a network build the release that is currently maintained rather than this one, and check each module's current documentation for directive names.

II. ProFTPD + MySQL

Unpack, configure, build and install, compiling mod_sql and its MySQL backend in. The mod_sql sources must be in the contrib/ directory of the source tree, and the MySQL client headers and library must be installed on the build host:

tar xvzf proftpd-version.tar.gz
cd proftpd-version
./configure --prefix=/usr/local/proftpd --with-modules=mod_sql:mod_sql_mysql
make
make install

After installation, start ProFTPD to test it:

/usr/local/proftpd/sbin/in.proftpd

If nothing is printed, ProFTPD started. Log in to the FTP server with a system user (one from /etc/passwd):

[root@linux sbin]# ftp localhost
Connected to localhost (127.0.0.1).
220 ProFTPD 1.2.7 Server (ProFTPD Default Installation) [linux.xuser.net]
Name (localhost:root):usera
331 Password required for usera.
Password:
230 User usera logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

ProFTPD works. Stop it:

killall in.proftpd

Edit proftpd.conf:

vi /usr/local/proftpd/etc/proftpd.conf

and add the following directives:

<Global>
SQLConnectInfo ftpusers@localhost:3306 root chen
SQLAuthTypes Plaintext
SQLUserInfo users userid passwd uid gid homedir NULL
RequireValidShell off
SQLAuthenticate users groups usersetfast groupsetfast
</Global>

Directive formats:

SQLConnectInfo database@host:port user password

SQLAuthTypes password-type (Plaintext: cleartext passwords; Crypt: crypt(3) hashes such as DES crypt; Backend: hashes produced by MySQL's PASSWORD() function). Several types may be listed; they are tried in order.

SQLUserInfo [user table] [username column] [password column] [uid column] [gid column] [home directory column] [shell column, or NULL when no shell is stored]

SQLAuthenticate: which lookups mod_sql answers from the database (users, groups) and whether it may fetch the whole user or group set when ProFTPD enumerates them (usersetfast, groupsetfast: the whole set in one query).

RequireValidShell off is needed because no shell is looked up for these accounts.

Two settings in this example are fine for a test box and wrong for anything else. SQLConnectInfo logs in as the MySQL root user, so whoever can read proftpd.conf, or compromises the FTP daemon, owns the whole database server: create an account that can only SELECT from the users and groups tables, and keep proftpd.conf readable by root alone. SQLAuthTypes Plaintext means the passwd column holds every user's password in the clear: use Crypt so that it holds hashes. Neither change protects the password on the wire; plain FTP sends it in cleartext on every login.
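The following is an added example, not code from the page, ProFTPD or mod_sql. It parses the mod_sql directives the way the tutorial writes them inside <Global> and flags the settings discussed above (Plaintext storage, a root database login, a database host that is not local, since mod_sql_mysql sends the login and every query unencrypted). WEAK_CONF is the tutorial's configuration; HARDENED_CONF is the replacement, in which the lookup account "proftpd" and its password are assumptions for this example.

```python
"""Lint the mod_sql directives in a proftpd.conf fragment.

Added example, not code from ProFTPD or mod_sql.  WEAK_CONF is the tutorial's
configuration.  HARDENED_CONF is the replacement: crypt(3) hashes instead of
cleartext, a SELECT-only database account (name and password are assumptions),
group lookups configured explicitly, and a floor on the uid/gid that a database
row may hand to ProFTPD.
"""
import shlex

WEAK_CONF = """\
<Global>
SQLConnectInfo ftpusers@localhost:3306 root chen
SQLAuthTypes Plaintext
SQLUserInfo users userid passwd uid gid homedir NULL
RequireValidShell off
SQLAuthenticate users groups usersetfast groupsetfast
</Global>
"""

# Create the lookup account with nothing beyond SELECT on the two tables
# (MySQL 3.23/4.0 syntax, matching the tutorial's server):
#   GRANT SELECT ON ftpusers.users  TO 'proftpd'@'localhost' IDENTIFIED BY 'LookupOnly';
#   GRANT SELECT ON ftpusers.groups TO 'proftpd'@'localhost';
# and keep the file holding the password readable by root only (chmod 600 proftpd.conf).
HARDENED_CONF = """\
<Global>
SQLConnectInfo ftpusers@localhost:3306 proftpd LookupOnly
SQLAuthTypes Crypt
SQLAuthenticate users groups
SQLUserInfo users userid passwd uid gid homedir shell
SQLGroupInfo groups groupname gid members
SQLMinUserUID 500
SQLMinUserGID 500
RequireValidShell off
</Global>
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_directives(conf):
    """Map each directive name to its argument list.

    Container tags such as <Global> and </Global> and comment lines are skipped;
    the first occurrence of a directive wins, which is enough for one block.
    """
    directives = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        name, *args = shlex.split(line)
        directives.setdefault(name, args)
    return directives


def split_connect_info(spec):
    """Split SQLConnectInfo's first argument, "db@host:port", into (db, host, port)."""
    db, _, hostport = spec.partition("@")
    if not hostport:                     # bare database name: mod_sql uses localhost
        return db, "localhost", None
    if hostport.startswith("/"):         # path to a UNIX socket: local by definition
        return db, hostport, None
    host, _, port = hostport.partition(":")
    return db, host, port or None


def lint_mod_sql(conf):
    """Return human-readable findings for weak settings; an empty list means clean."""
    d = parse_directives(conf)
    findings = []

    if "plaintext" in (t.lower() for t in d.get("SQLAuthTypes", [])):
        findings.append("SQLAuthTypes Plaintext: the passwd column holds cleartext passwords; use Crypt")

    conn = d.get("SQLConnectInfo")
    if conn is None:
        findings.append("SQLConnectInfo missing: mod_sql has no database to query")
    else:
        _, host, _ = split_connect_info(conn[0])
        user = conn[1] if len(conn) > 1 else ""
        if user == "root":
            findings.append("SQLConnectInfo logs in as MySQL root; use an account with SELECT on the user and group tables only")
        if host not in LOCAL_HOSTS and not host.startswith("/"):
            findings.append(f"SQLConnectInfo reaches {host} over the network; credentials and lookups travel unencrypted")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, lint_mod_sql(conf) or "clean")
```

SQLMinUserUID/SQLMinUserGID in the hardened block should never be lower than the first non-system uid on the host; a row in the users table must not be able to turn a login into a system account.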

Create ftpusers.sql:

[mysql@linux mysql]$ vi ftpusers.sql

-- MySQL dump 8.22
--
-- Host: localhost    Database: proftpd
---------------------------------------------------------
-- Server version	3.23.52-max

--
-- Table structure for table 'groups'
--
CREATE TABLE groups (
  groupname varchar(255) binary NOT NULL default '',
  gid int(11) NOT NULL default '0',
  members text NOT NULL,
  PRIMARY KEY (groupname)
) TYPE=MyISAM;

--
-- Dumping data for table 'groups'
--
INSERT INTO groups VALUES ('nogroup',502,'FTP Group');

--
-- Table structure for table 'users'
--
CREATE TABLE users (
  userid varchar(255) binary NOT NULL default '',
  passwd varchar(255) binary NOT NULL default '',
  uid int(11) default NULL,
  gid int(11) default NULL,
  homedir varchar(255) default NULL,
  shell varchar(255) default NULL,
  count int(11) default NULL,
  used double(10,1) default '0.0',
  quota double(10,1) default '10000000.0',
  PRIMARY KEY (userid)
) TYPE=MyISAM;

--
-- Dumping data for table 'users'
--
INSERT INTO users VALUES ('chen','chen',500,500,'/home/samba','/bin/sh',0,0.0,10000000.0);
INSERT INTO users VALUES ('user2','123456',500,500,'/home/samba','/bin/bash',1,0.0,10000000.0);
INSERT INTO users VALUES ('user1','123456',NULL,NULL,'/u01',NULL,1,0.0,10000000.0);

Notes on this dump: TYPE=MyISAM is MySQL 3.23 syntax (current servers want ENGINE=MyISAM). The passwd values are cleartext because SQLAuthTypes is Plaintext; with Crypt they would be crypt(3) hashes. The members column of groups is meant to hold a comma-separated list of usernames, so 'FTP Group' is a description, not a member. chen and user2 share uid 500, gid 500 and /home/samba, so ProFTPD runs them as the same Unix user and neither is protected from the other; user1 has NULL uid and gid, for which mod_sql substitutes its configured default uid and gid. The "Database: proftpd" header comment is left over from the dump and does not matter; the database created below is ftpusers.

Create the database and tables:

[mysql@linux mysql]$ echo "create database ftpusers" | mysql -uroot -pchen
[mysql@linux mysql]$ mysql -uroot -pchen ftpusers < ftpusers.sql
[mysql@linux mysql]$

(-pchen puts the root password on the command line, where it shows up in the process list and the shell history; mysql -uroot -p prompts for it instead.)

Start ProFTPD again:

/usr/local/proftpd/sbin/in.proftpd

This time log in to the FTP server with a MySQL user. "230 User xxxxx logged in." means MySQL authentication succeeded.
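Once SQLAuthTypes is switched to Crypt, the passwd column must hold crypt(3) hashes, and the value after the {crypt} prefix in an LDAP userPassword (section III) is the same kind of string. The following is an added example, not code from the page, ProFTPD, mod_sql or mod_ldap: a pure-Python implementation of the MD5 crypt scheme ("$1$salt$hash") that glibc's and the BSDs' crypt(3) accept, so its output can be inserted into the passwd column or written after {crypt} without calling the system crypt. It assumes the FTP server's libc supports the $1$ scheme; the sample password and salt are constructed for the example.

```python
"""Generate and verify crypt(3)-compatible MD5 ("$1$") password hashes.

Added example, not part of the tutorial, ProFTPD, mod_sql or mod_ldap.  With
SQLAuthTypes Crypt, mod_sql hands the stored passwd value to crypt(3); mod_ldap
does the same for a userPassword beginning with {crypt}.  This module produces
"$1$<salt>$<hash>" values, the MD5 scheme understood by glibc and BSD crypt(3)
(assumed to be enabled on the server).  Sample password and salt are made up.
"""
import hashlib
import hmac
import secrets

ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"


def _to64(value, count):
    """crypt(3)'s little-endian base-64: `count` characters of 6 bits each."""
    out = bytearray()
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5_crypt(password, salt=None):
    """Return "$1$<salt>$<22 chars>" for `password`; `salt` is up to 8 chars.

    The salt may also be given in stored form ("$1$saltsalt$..."), as verify() does.
    A random 8-character salt is generated when none is supplied.
    """
    pw = password.encode("utf-8")
    if salt is None:
        salt = "".join(secrets.choice(ITOA64.decode()) for _ in range(8))
    salt_b = salt.encode("ascii")
    if salt_b.startswith(MAGIC):
        salt_b = salt_b[len(MAGIC):]
    salt_b = salt_b.split(b"$", 1)[0][:8]

    ctx = hashlib.md5(pw + MAGIC + salt_b)
    alt = hashlib.md5(pw + salt_b + pw).digest()
    remaining = len(pw)                       # mix in len(pw) bytes of the alternate sum
    while remaining > 0:
        ctx.update(alt[:min(16, remaining)])
        remaining -= 16
    bits = len(pw)                            # one byte per bit of len(pw): NUL or pw[0]
    while bits:
        ctx.update(b"\x00" if bits & 1 else pw[:1])
        bits >>= 1
    final = ctx.digest()

    for i in range(1000):                     # the scheme's fixed 1000-round stretching
        r = hashlib.md5()
        r.update(pw if i & 1 else final)
        if i % 3:
            r.update(salt_b)
        if i % 7:
            r.update(pw)
        r.update(final if i & 1 else pw)
        final = r.digest()

    # Byte order of the final digest is permuted before encoding, as in crypt(3).
    encoded = b"".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4)
        for a, b, c in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    ) + _to64(final[11], 2)
    return (MAGIC + salt_b + b"$" + encoded).decode("ascii")


def verify(password, stored):
    """True if `password` matches a stored "$1$salt$hash" value (constant-time compare)."""
    if not stored.startswith("$1$"):
        return False
    salt = stored[3:].split("$", 1)[0]
    return hmac.compare_digest(md5_crypt(password, salt), stored)


def ldap_user_password(password, salt=None):
    """userPassword value that mod_ldap checks through crypt(3)."""
    return "{crypt}" + md5_crypt(password, salt)


if __name__ == "__main__":
    h = md5_crypt("123456", "saltsalt")       # constructed sample password and salt
    print(h)
    print(ldap_user_password("123456", "saltsalt"))
    print(verify("123456", h), verify("wrong", h))
```

Before loading hashes, confirm the host's libc agrees with this implementation: perl -e 'print crypt("123456", "\$1\$saltsalt\$"), "\n"' must print exactly what md5_crypt("123456", "saltsalt") returns. The hash then goes into the passwd column in place of the cleartext value, and a new row should get its own random salt (call md5_crypt with salt=None).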

III. ProFTPD + OpenLDAP

tar xvzf proftpd-version.tar.gz
cd proftpd-version
./configure --prefix=/usr/local/proftpd --with-modules=mod_ldap
make
make install

# tar zxvf mod_ldap-2.8.10.tar.gz

Copy the posixAccount-objectclass and posixGroup-objectclass files from the mod_ldap-2.8.10 directory into OpenLDAP's schema directory:

# cp mod_ldap-2.8.10/posix* /etc/openldap/schema/

Edit OpenLDAP's configuration file slapd.conf and include both files:

# vi /etc/openldap/slapd.conf

include /etc/openldap/schema/posixAccount-objectclass
include /etc/openldap/schema/posixGroup-objectclass

(If your OpenLDAP already defines posixAccount and posixGroup, normally through nis.schema, include that instead: defining the same object class twice stops slapd from starting.)

Restart OpenLDAP:

# service ldap restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]

Edit proftpd.conf:

vi /usr/local/proftpd/etc/proftpd.conf

and add the following directives:

<Global>
LDAPServer localhost
LDAPDNInfo cn=your-dn,dc=horde,dc=net dnpass
LDAPDoAuth on "dc=users,dc=horde,dc=net"
</Global>

Directive formats:

LDAPServer  the OpenLDAP server
LDAPDNInfo  the DN ProFTPD binds as (cn=your-dn,dc=domain,dc=domain), followed by that DN's password
LDAPDoAuth  on "dc=domain,dc=domain": authenticate users against the directory, searching below the given base

Example:

<Global>
LDAPServer localhost
LDAPDNInfo cn=manager,dc=xuser,dc=net secret
LDAPDoAuth on dc=xuser,dc=net
</Global>

The same warnings as for mod_sql apply. The bind password sits in proftpd.conf, so keep the file readable by root only. This example binds as the directory's rootdn (cn=manager), which can read and rewrite every entry; ProFTPD only needs to search the user and group entries, so create a dedicated read-only DN and bind as that. The connection to LDAPServer in this configuration is plain LDAP, so keep the directory on localhost or on a network you trust.

Edit the group-ldif and user-ldif files in the mod_ldap-2.8.10 directory as needed and add the entries to OpenLDAP:

# ldapadd -x -D "cn=manager,dc=xuser,dc=net" -w secret -f group-ldif
# ldapadd -x -D "cn=manager,dc=xuser,dc=net" -w secret -f user-ldif

Output such as: adding new entry "cn=mygroup, dc=xuser, dc=net" means the entry was added. (As with mysql -p, -w secret puts the password on the command line, where the process list and the shell history can see it; -W prompts for it instead.)

Check the entries with ldapsearch:

# ldapsearch -x -b "dc=xuser,dc=net"

Start ProFTPD:

/usr/local/proftpd/sbin/in.proftpd

Log in to the FTP server with an OpenLDAP user. "230 User xxxxx logged in." means OpenLDAP authentication succeeded.

Example:

[root@linux mod_ldap-2.8.10]# cat group-ldif
dn: cn=mygroup, dc=xuser, dc=net
objectclass: posixGroup
cn: mygroup
gidNumber: 100
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: user4
memberUid: ftpusersb
memberUid: usera
memberUid: jwm
memberUid: 100

[root@linux mod_ldap-2.8.10]# cat user-ldif
dn: uid=jwm, dc=xuser, dc=net
objectclass: posixAccount
cn: John Morrissey
uid: jwm
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}*
loginShell: /bin/bash

dn: uid=chen, dc=xuser, dc=net
objectclass: posixAccount
cn: chen
uid: chen
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}sa7XjjlytXZZ2
loginShell: /bin/bash

dn: cn=ftpuser1, dc=xuser, dc=net
objectclass: posixAccount
cn: ftpuser1
uid: ftpuser1
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen

Read these entries before copying them. ldapadd needs the parent entry dc=xuser,dc=net to exist already. The userPassword {crypt}* of jwm matches no password, so that account is locked as shipped. All three accounts share uidNumber 2000 and homeDirectory /home/chen, so ProFTPD runs them as the same Unix user in the same directory and each can read and delete the others' files; give every account its own uidNumber and home directory. ftpuser1 has no userPassword, so it cannot log in, and its DN uses cn= where the other entries use uid=. mygroup also lists memberUid values (user1 to user4, ftpusersb, usera, 100) for which no account exists.
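The following is an added example, not code from the page, ProFTPD or mod_ldap: a small LDIF parser and audit that flags, before ldapadd runs, the problems visible in the entries above. SAMPLE_LDIF is a copy of the group-ldif and user-ldif entries, joined into one constructed string.

```python
"""Audit posixAccount/posixGroup LDIF before it is loaded with ldapadd.

Added example, not part of the tutorial, ProFTPD or mod_ldap.  mod_ldap gives
each login the uidNumber, gidNumber and homeDirectory of its entry, so accounts
that share them share one Unix identity; an entry with no userPassword, or with
{crypt}*, can never authenticate; memberUid values naming no posixAccount are
dead entries in the group.  SAMPLE_LDIF copies the tutorial's two LDIF files.
"""
from collections import defaultdict

SAMPLE_LDIF = """\
dn: cn=mygroup, dc=xuser, dc=net
objectclass: posixGroup
cn: mygroup
gidNumber: 100
memberUid: user1
memberUid: user2
memberUid: user3
memberUid: user4
memberUid: ftpusersb
memberUid: usera
memberUid: jwm
memberUid: 100

dn: uid=jwm, dc=xuser, dc=net
objectclass: posixAccount
cn: John Morrissey
uid: jwm
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}*
loginShell: /bin/bash

dn: uid=chen, dc=xuser, dc=net
objectclass: posixAccount
cn: chen
uid: chen
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
userPassword: {crypt}sa7XjjlytXZZ2
loginShell: /bin/bash

dn: cn=ftpuser1, dc=xuser, dc=net
objectclass: posixAccount
cn: ftpuser1
uid: ftpuser1
uidNumber: 2000
gidNumber: 100
homeDirectory: /home/chen
"""


def parse_ldif(text):
    """One {attribute: [values]} dict per blank-line-separated entry; names lower-cased."""
    entries, current, last = [], {}, None
    for raw in text.splitlines() + [""]:      # trailing "" flushes the last entry
        if raw.startswith(" ") and last:      # folded continuation line
            current[last][-1] += raw[1:]
        elif not raw.strip():
            if current:
                entries.append(current)
            current, last = {}, None
        elif not raw.startswith("#"):
            name, _, value = raw.partition(":")
            last = name.strip().lower()       # LDAP attribute names are case-insensitive
            current.setdefault(last, []).append(value.strip())
    return entries


def audit(text):
    """Return human-readable findings for the accounts and groups in an LDIF string."""
    entries = parse_ldif(text)
    classes = lambda e: {c.lower() for c in e.get("objectclass", [])}
    accounts = [e for e in entries if "posixaccount" in classes(e)]
    groups = [e for e in entries if "posixgroup" in classes(e)]

    findings, known_uids = [], set()
    by_uidnumber, by_home = defaultdict(list), defaultdict(list)
    for acct in accounts:
        uid = acct.get("uid", ["<no uid>"])[0]
        known_uids.add(uid)
        by_uidnumber[acct.get("uidnumber", ["?"])[0]].append(uid)
        by_home[acct.get("homedirectory", ["?"])[0]].append(uid)
        password = acct.get("userpassword")
        if not password:
            findings.append(f"{uid}: no userPassword, cannot authenticate")
        elif password[0].lower().startswith("{crypt}*"):   # "*" never matches crypt(3) output
            findings.append(f"{uid}: userPassword {password[0]} is locked, cannot authenticate")

    for number, members in by_uidnumber.items():
        if len(members) > 1:
            findings.append(f"uidNumber {number} shared by {', '.join(members)}: one Unix identity, no isolation")
    for home, members in by_home.items():
        if len(members) > 1:
            findings.append(f"homeDirectory {home} shared by {', '.join(members)}")
    for grp in groups:
        unknown = [m for m in grp.get("memberuid", []) if m not in known_uids]
        if unknown:
            findings.append(f"group {grp.get('cn', ['?'])[0]}: memberUid without a posixAccount: {', '.join(unknown)}")
    return findings
```

Running audit(SAMPLE_LDIF) reports the locked jwm account, the password-less ftpuser1, the uidNumber and home directory shared by all three accounts, and the seven memberUid values in mygroup that name no account; a clean file returns an empty list.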

 
Copyright © 2012 站长网 编程知识问答 (www.zzzyk.com). All Rights Reserved. Some of the technical articles are sourced from the web.