通过LDAP管理VSFTP帐户
# Install the OpenLDAP server/client tools, the PAM/NSS LDAP modules and vsftpd.
yum install -y openldap openldap-servers openldap-clients pam_ldap nss-pam-ldapd vsftpd
# Generate the admin password hash; this is the value that goes into rootpw.
# NOTE(review): the hash recorded on this line differs from the rootpw value used in slapd.conf below — use the one you actually generated.
slappasswd # keep for later: {SSHA}70WfjeJVZhmGy0wfSUKcOGsKPgLR7/ae
# Seed the legacy (non cn=config) slapd.conf from the packaged example.
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
vi /etc/openldap/slapd.conf
修改
# Directory base DN and the administrative bind DN.
suffix "dc=dsideal,dc=com"
rootdn "cn=admin,dc=dsideal,dc=com"
# rootpw must be the {SSHA} hash printed by slappasswd, never the plaintext password;
# keep this file readable only by root and the ldap user since the hash lives here.
rootpw {SSHA}O8cf4DWh2Lg4hbGDya6d2bj0apPWJLoA
# Test the config file (-u: check syntax only, do not open the database).
slaptest -u -f /etc/openldap/slapd.conf
提示:config file testing succeeded
# Remove the cn=config tree so slapd falls back to the legacy slapd.conf edited above.
rm -rf /etc/openldap/slapd.d/
# Install the BDB tuning file and give it to the ldap user that runs slapd.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap.ldap /var/lib/ldap/DB_CONFIG
# Start
/etc/init.d/slapd start
# Interactive: presumably used here to enable LDAP for user information and authentication
# (nsswitch/PAM) — the choices made are not shown on this page, confirm them.
authconfig-tui
vi /etc/openldap/ldap.conf
# Add the two lines below: default server and search base for the LDAP client tools.
# Plain ldap:// is acceptable only because the server is on the same host;
# use ldaps:// or StartTLS if the directory is ever moved to another machine.
URI ldap://127.0.0.1
BASE dc=dsideal,dc=com
# Shared FTP directory: the LDAP account's homeDirectory and vsftpd's local_root both point here.
# NOTE(review): created by root with the default mode; the FTP account (uidNumber 1500) needs
# write permission on it for uploads to work — chown/chmod it accordingly.
mkdir /usr/local/ldapuser
vi /usr/local/base.ldif
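# Base entry plus the two OUs that hold FTP users and FTP groups.
# Each LDIF entry must be separated from the next by a blank line;
# without the separators ldapadd will not parse this as three entries.
dn:dc=dsideal,dc=com
dc:dsideal
objectClass:top
objectClass:domain

dn:ou=ftpPeople,dc=dsideal,dc=com
ou:ftpPeople
objectClass:top
objectClass:organizationalUnit

dn:ou=ftpGroup,dc=dsideal,dc=com
ou:ftpGroup
objectClass:top
objectClass:organizationalUnit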
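# Run:
# -W prompts for the admin password instead of taking it on the command line,
# where it would be visible in `ps` output and saved in the shell history.
ldapadd -x -D "cn=admin,dc=dsideal,dc=com" -W -f /usr/local/base.ldif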
# Group entry for the FTP accounts.
vi /usr/local/ftpgroup.ldif
# POSIX group for the FTP accounts; the user entry uses the same gidNumber.
dn:cn=ldapftp,ou=ftpGroup,dc=dsideal,dc=com
objectClass:posixGroup
objectClass:top
cn:ldapftp
# NOTE(review): make sure 1500 is not already taken by a group in /etc/group.
gidNumber:1500
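# Run:
# -W prompts for the admin password rather than exposing it in `ps` and the shell history.
ldapadd -x -D "cn=admin,dc=dsideal,dc=com" -W -f /usr/local/ftpgroup.ldif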
# First FTP account entry.
vi /usr/local/ftpuser.ldif
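# FTP account; add one entry like this per user, each with its own uid and uidNumber.
dn:uid=ftpuser1,ou=ftpPeople,dc=dsideal,dc=com
uid:ftpuser1
cn:ftpuser1
objectClass:account
objectClass:posixAccount
objectClass:top
objectClass:shadowAccount
# Store a hash, not the plaintext: by default OpenLDAP keeps userPassword exactly as
# supplied, so a plaintext value is readable by anyone allowed to read the entry
# (with no access directives in slapd.conf that includes anonymous binds — confirm).
# Paste the {SSHA} value printed by `slappasswd` in place of the placeholder below.
userPassword:{SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
shadowLastChange:13048
shadowMax:99999
shadowWarning:7
# No interactive shell: the account exists for FTP only.
loginShell:/sbin/nologin
uidNumber:1500
# Same value as gidNumber of cn=ldapftp.
gidNumber:1500
# Shared upload directory; vsftpd's local_root is set to the same path.
homeDirectory:/usr/local/ldapuser
gecos:ldapuser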
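# Run:
# -W prompts for the admin password rather than exposing it in `ps` and the shell history.
ldapadd -x -D "cn=admin,dc=dsideal,dc=com" -W -f /usr/local/ftpuser.ldif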
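# Run: verify the entries were added.
# -W prompts for the admin password rather than exposing it in `ps` and the shell history.
ldapsearch -x -D "cn=admin,dc=dsideal,dc=com" -W
ldapsearch -x -D "cn=admin,dc=dsideal,dc=com" -W -b "uid=ftpuser1,ou=ftpPeople,dc=dsideal,dc=com"
# Check that the LDAP user resolves through NSS (proves the nss-pam-ldapd setup works).
getent passwd ftpuser1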
# Let vsftpd authenticate against LDAP through PAM.
vi /etc/pam.d/vsftpd
增加2行
# Put this line before the first auth entry.
# "sufficient": a successful LDAP check ends the stack here; on failure PAM
# falls through to the remaining entries, so existing local accounts keep working.
auth sufficient pam_ldap.so
# Put this line before the first account entry.
account sufficient pam_ldap.so
# Restrict vsftpd to authenticated (LDAP) users confined to the shared directory.
vi /etc/vsftpd/vsftpd.conf
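# Modify the following settings
# vsftpd has no inline comments: text after the value makes the line an invalid
# boolean ("bad bool value in config file"), so all comments sit on their own line.
# Do not allow anonymous access.
anonymous_enable=NO
# The two anon_* options only affect anonymous sessions and are inert while
# anonymous_enable=NO; uploads by local/LDAP users are controlled by write_enable.
anon_upload_enable=YES
anon_mkdir_write_enable=YES
write_enable=YES
# Confine every user to local_root.
chroot_local_user=YES
# NOTE(review): vsftpd 2.3.5 and later refuse a session whose chroot root is writable
# ("refusing to run with writable root inside chroot()"); on those versions add
# allow_writeable_chroot=YES or keep the root read-only and upload into a writable
# subdirectory — confirm the installed version.
# Add the line below
local_root=/usr/local/ldapuser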
# Reload vsftpd so the PAM and vsftpd.conf changes take effect.
/etc/init.d/vsftpd restart