How To Ldap Client

This document provides instructions for configuring an LDAP client on Ubuntu 10.04 (Lucid Lynx) to authenticate against an existing LDAP server. It describes installing LDAP libraries and utilities, configuring LDAP configuration files, updating name service switches, and testing the LDAP connection. Edits are made to files such as /etc/ldap.conf, /etc/ldap/ldap.conf, and /etc/nsswitch.conf to configure the client to query the LDAP server for authentication.
Copyright
© Attribution Non-Commercial (BY-NC)

HOWTO: LDAP Client on 10.04 Lucid Lynx
This is essentially the same as my previous Hardy Heron LDAP howto but with some steps removed. Rather than edit the old article I thought I'd just reproduce it with the appropriate parts omitted. This howto is also relevant to Jaunty and Karmic. The LDAP Server howto can be found here.

PLATFORMS TESTED: Ubuntu 10.04 LTS (Lucid), Ubuntu 11.04 LTS (Natty)

PREREQUISITES:
* A vanilla Ubuntu 10.04 (or later) desktop or server install.
* You have shared your user home directories from an NFS server.
* You have successfully installed a working LDAP server.

Network overview:
* Domain name: tuxnetworks.com
* Servername/IP: ldap.tuxnetworks.com 10.1.1.5
* The user "brettg" is a valid LDAP user on your server.

We are going to set up a Lucid client connected to an LDAP server. We should already have our home directories mounted via NFS.

~$ sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils


You will again be asked a bunch of questions;

LDAP server Uniform Resource Identifier: ldap://ldap.tuxnetworks.com
Distinguished name of the search base: dc=tuxnetworks,dc=com
LDAP version to use: 3
Make local root Database admin: Yes
Does the LDAP database require login? No
LDAP account for root: cn=admin,dc=tuxnetworks,dc=com
LDAP root password: (The server LDAP root password)
Now we need to edit the following files;

~$ sudo vi /etc/ldap.conf
and edit these lines to look like this;

bind_policy soft
pam_password crypt


Find the line that begins with uri ldapi:// . . . Comment the line out and replace it with a line like so;

uri ldap://ldap.tuxnetworks.com/
Edit this file;

~$ sudo vi /etc/ldap/ldap.conf
Edit it to look like this;

BASE      dc=tuxnetworks,dc=com
URI       ldap://ldap.tuxnetworks.com

SIZELIMIT 0
TIMELIMIT 0
DEREF     never

Edit nsswitch.conf

~$ sudo vi /etc/nsswitch.conf
Enter the following lines;

passwd:    files ldap
group:     files ldap
shadow:    files ldap
hosts:     files dns
networks:  files

protocols: db files
services:  db files
ethers:    db files
rpc:       db files

Now update nss to use ldap.

~$ sudo nss_updatedb ldap
passwd... done.
group... done.


Note: If you get an error . . .

Failed to enumerate nameservice: No such file or directory


. . . then check that your uri line in /etc/ldap.conf is correct and the address is pingable. You should now be able to check the server with;

~$ ldapsearch -x
That command should output a tonne of stuff from the server LDAP directory.

getent passwd
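The checks in this section (the uri must be pingable, `ldapsearch -x` must return entries, `getent passwd` must show the LDAP users) and the `/etc/passwd` check the howto makes after the ssh login are easy to get wrong by eye. The script below is an added example and not part of the original howto; it reuses the howto's hostname (ldap.tuxnetworks.com), user (brettg) and the files the howto edits, all overridable through environment variables, and `--run` performs the live checks against the configured server.

```shell
#!/bin/sh
# Added example (not from the original howto): post-install checks for an LDAP
# client configured as described above. Host and user are the howto's values;
# override them through the environment on another network.
LDAP_HOST="${LDAP_HOST:-ldap.tuxnetworks.com}"
LDAP_USER="${LDAP_USER:-brettg}"
NSSWITCH="${NSSWITCH:-/etc/nsswitch.conf}"
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Print the lookup sources configured for one nsswitch database, e.g.
# `nss_sources passwd /etc/nsswitch.conf` prints "files ldap".
# Trailing "# ..." comments and whitespace are stripped; prints nothing
# if the database is not configured at all.
nss_sources() {
    db="$1"; conf="$2"
    awk -v db="$db" '
        { sub(/#.*/, "") }
        $0 ~ ("^" db ":") {
            sub("^" db ":[ \t]*", ""); sub(/[ \t]+$/, ""); print; exit
        }
    ' "$conf"
}

# Decide where a passwd entry for user $1 comes from, given the local passwd
# file ($2) and the output of `getent passwd $1` ($3). Prints one of:
#   local   - the user exists in the local passwd file (the howto's warning case)
#   ldap    - only the NSS lookup knows the user, i.e. it came from another
#             source, which on this client is ldap
#   missing - nobody knows the user
passwd_source() {
    user="$1"; passwd_file="$2"; getent_line="$3"
    if grep -q "^${user}:" "$passwd_file" 2>/dev/null; then
        echo local
    elif [ -n "$getent_line" ]; then
        echo ldap
    else
        echo missing
    fi
}

# Live checks, in the order the howto troubleshoots them.
run_checks() {
    sources=$(nss_sources passwd "$NSSWITCH")
    echo "== passwd sources in $NSSWITCH: $sources"
    case " $sources " in
        *" ldap "*) ;;
        *) echo "passwd database does not list ldap"; return 1 ;;
    esac
    # The howto's nss_updatedb troubleshooting step: the uri host must answer.
    ping -c 1 -W 2 "$LDAP_HOST" >/dev/null || { echo "cannot ping $LDAP_HOST"; return 1; }
    # Anonymous search using URI/BASE from /etc/ldap/ldap.conf; count the entries.
    entries=$(ldapsearch -x -LLL 2>/dev/null | grep -c '^dn: ' || true)
    echo "== ldapsearch -x returned $entries entries"
    line=$(getent passwd "$LDAP_USER" || true)
    src=$(passwd_source "$LDAP_USER" "$PASSWD_FILE" "$line")
    echo "== $LDAP_USER resolves via: $src"
    [ "$src" = ldap ]
}

case "${1-}" in --run) run_checks ;; esac
```

A result of `local` for the test user is exactly the situation the howto warns about after the ssh login: the login worked, but through `/etc/passwd`, not through LDAP.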
You should now be able to login to the client via ssh using the credentials of the user "brettg";

brettg@jupiter:~$ ssh brettg@galileo
Welcome to Ubuntu 11.04 (GNU/Linux 2.6.38-8-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

Last login: Fri Jun 24 14:13:05 2011 from 10.1.1.80
brettg@galileo:~$


Take a look at your passwd file to make double sure you are not logging in using local auth;

grep brettg /etc/passwd


If that returns a line then you are probably logged in using a local user. Remove that line from /etc/passwd and try again.

For Gnome Desktop users: to assign users to the correct groups at login, create a new file called group.conf and place the following line in it;

vi /etc/security/group.conf

gdm;*;*;Al0000-9000;floppy,audio,cdrom,video,plugdev,scanner
We also need to tell pam to use the group.conf settings;

vi /etc/pam.d/gdm
Add this line;

auth optional pam_group.so


Reboot your PC and you should be able to login to gnome using ldap!
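The group.conf line above is a pam_group rule whose fields are services;ttys;users;times;groups, so `gdm;*;*;...` hands those device groups to every user who logs in through gdm. The script below is an added example, not part of the howto or of pam_group itself: it evaluates rules in that layout to show which groups a given service/user pair would receive. As a stated simplification it ignores the ttys and times fields (treating every rule as always active), and the second sample rule for sshd is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original howto): evaluate rules in the
# /etc/security/group.conf layout used by pam_group.
# Field layout: services;ttys;users;times;groups
# Simplification (assumption): ttys and times are not evaluated here, so a
# matching rule is treated as always active.

# Match one pam_group list field against a value: "*" matches anything,
# otherwise the field is a comma-separated list of names.
field_matches() {
    field="$1"; value="$2"
    [ "$field" = "*" ] && return 0
    case ",$field," in *",$value,"*) return 0 ;; esac
    return 1
}

# Print the comma-joined groups that every matching rule in file $3 grants
# to user $2 logging in through PAM service $1 (empty if nothing matches).
groups_for() {
    service="$1"; user="$2"; conf="$3"
    result=""
    while IFS=';' read -r services ttys users times groups; do
        case "$services" in ''|\#*) continue ;; esac   # skip blanks and comments
        field_matches "$services" "$service" || continue
        field_matches "$users" "$user" || continue
        result="${result:+$result,}$groups"
    done < "$conf"
    printf '%s\n' "$result"
}

# Constructed sample file: the howto's gdm rule plus a narrower rule for
# sshd that only applies to brettg (the sshd line is made up for this demo).
write_sample_conf() {
    cat > "$1" <<'EOF'
# services;ttys;users;times;groups
gdm;*;*;Al0000-9000;floppy,audio,cdrom,video,plugdev,scanner
sshd;*;brettg;Al0000-2400;plugdev
EOF
}

case "${1-}" in
    --demo)
        tmp=$(mktemp); write_sample_conf "$tmp"
        echo "gdm/brettg:  $(groups_for gdm brettg "$tmp")"
        echo "gdm/alice:   $(groups_for gdm alice "$tmp")"
        echo "sshd/brettg: $(groups_for sshd brettg "$tmp")"
        echo "sshd/alice:  $(groups_for sshd alice "$tmp")"
        rm -f "$tmp" ;;
esac
```

Run it with `--demo` to see that the gdm rule applies to any user while the sshd rule only reaches brettg; that is the distinction to keep in mind when deciding whether `*` in the users field is really what you want on a shared machine.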
