by Punya Mall
Novell FTP is available as part of OES2 services and has one of the most complete implementations of the FTP protocol specification. The underlying architecture of Novell FTP is that of Pure-FTPd, a production-level server that is very secure even with its default configuration.
Novell FTP is the Pure-FTPd integration with eDirectory for LDAP-based authentication. This appnote is useful for administrators who want to use eDirectory instead of OpenLDAP for user authentication.
It covers installation of the Novell FTP pattern and configuration of the LDAP client.
Installation of Novell FTP
- During installation of OES Services, in the Software Selection and System Tasks screen, select the Novell FTP option. By default this selection also installs eDir and the other dependent components. Click Accept.
- After installation the system will reboot for the changes to take effect. In the case of a post-installation on Cypress, only the eDir service needs a restart, not the entire server.
Configuring LDAP Client
The LDAP client (/etc/ldap.conf) needs to be configured to point to the eDirectory server. You can also use YaST -> Network Services -> LDAP Client to do the same. Make sure the following options are configured:
- Select Do Not Use LDAP under the User Authentication section (unless you plan to use that Open-LDAP server for system-wide user authentication)
- Fill in the LDAP server address and the LDAP base DN. If eDir is installed, these are normally the eDirectory server address and its base DN. Alternatively, set the host and base options in the ldap.conf file.
- Select LDAP TLS/SSL if your LDAP server requires it. Alternatively, add ssl start_tls to the ldap.conf file.
- If your LDAP server is eDirectory, click on the Advanced Configuration section, under Client Settings make sure the Password Change Protocol is set to nds. Alternatively you can add pam_password nds in ldap.conf file.
- Fill in the rest of the fields as appropriate, or leave them blank and proceed.
Starting the FTP Server
No further changes are required for the eDirectory integration itself, but some changes are needed in the pure-ftpd.conf file for users to log in and use the service successfully. Although not mandatory, these are the points that need to be taken care of.
- Open the /etc/pure-ftpd/pure-ftpd.conf file.
- Comment out the AnonymousOnly parameter to prevent anonymous logins.
- Uncomment the CreateHomeDir option.
- If a firewall is running, changes are needed both in the /etc/pure-ftpd/pure-ftpd.conf file and in the YaST2 firewall. In /etc/pure-ftpd/pure-ftpd.conf, uncomment PassivePortRange with a valid range (or the default one), then add that range under YaST2 > Security and Users > Firewall > Allowed Services > Advanced > TCP Ports in the format shown in this example (for example 30000:50000).
- Start the server with the rcpure-ftpd start command.
- Check the status of the server, using the rcpure-ftpd status command.
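As an added example (not part of the original appnote), the following POSIX shell script checks that the ldap.conf settings described under Configuring LDAP Client and the pure-ftpd.conf edits listed above are in place before the server is started, and prints the passive port range in the YaST2 firewall format. The two configuration files it reads are constructed samples written to a temporary directory; the directive syntax for PassivePortRange (two space-separated ports) is an assumption about the pure-ftpd.conf format.

```shell
#!/bin/sh
# Constructed sample files (not copied from a real server) so the checks run offline.
TMP=$(mktemp -d)
cat > "$TMP/ldap.conf" <<'EOF'
host 192.0.2.10
base o=example
ssl start_tls
pam_password nds
EOF
cat > "$TMP/pure-ftpd.conf" <<'EOF'
# AnonymousOnly             yes
CreateHomeDir               yes
PassivePortRange            30000 50000
EOF

# Print the value of an active (uncommented) directive; print nothing if it is absent.
conf_value() {  # $1=file $2=directive name
  awk -v k="$2" '$1==k {sub(/^[ \t]*[^ \t]+[ \t]+/, ""); print; exit}' "$1"
}

# Return 0 if ldap.conf carries the four settings the appnote calls for, else 1.
check_ldap_conf() {
  f=$1
  [ -n "$(conf_value "$f" host)" ] || { echo "ldap.conf: host not set"; return 1; }
  [ -n "$(conf_value "$f" base)" ] || { echo "ldap.conf: base not set"; return 1; }
  [ "$(conf_value "$f" ssl)" = "start_tls" ] || { echo "ldap.conf: ssl start_tls not set"; return 1; }
  [ "$(conf_value "$f" pam_password)" = "nds" ] || { echo "ldap.conf: pam_password nds not set"; return 1; }
  return 0
}

# Return 0 if pure-ftpd.conf matches the three edits above, and print the
# passive range as YaST2 expects it (low:high); otherwise print the problem and return 1.
check_pureftpd_conf() {
  f=$1
  [ -z "$(conf_value "$f" AnonymousOnly)" ] || { echo "AnonymousOnly is still active"; return 1; }
  [ "$(conf_value "$f" CreateHomeDir)" = "yes" ] || { echo "CreateHomeDir is not enabled"; return 1; }
  set -- $(conf_value "$f" PassivePortRange)   # assumed form: PassivePortRange LOW HIGH
  [ "$#" -eq 2 ] && [ "$1" -lt "$2" ] 2>/dev/null || { echo "PassivePortRange is missing or invalid"; return 1; }
  echo "$1:$2"
}

check_ldap_conf "$TMP/ldap.conf" && check_pureftpd_conf "$TMP/pure-ftpd.conf"
```

Run it against the live files by replacing the sample paths with /etc/ldap.conf and /etc/pure-ftpd/pure-ftpd.conf.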
Stopping the FTP Server
To stop the FTP Server, use the rcpure-ftpd stop command.
After configuring the LDAP client as described above, the pure-ftpd server authenticates against eDirectory users. Depending on your requirements, pure-ftpd.conf can be modified further to suit the environment.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.