Steps to set up LDAP client

How to set up LDAP clients?

This article will help you set up a Linux client that authenticates via LDAP when a user does not exist in the local password files.

Every client requires the same set of packages. Log on to one of your clients and install them; the installer will prompt for the values shown below:

#apt-get install libnss-ldap libpam-ldap nscd
LDAP Account for root: cn=admin,dc=InslyHost,dc=com
Password: *****
Make local root database admin: yes
Database require logging in: No
Root login account: cn=admin,dc=InslyHost,dc=com
Root login password: *****

Here, libnss-ldap lets the system use LDAP as a name service (NSS), libpam-ldap lets PAM authenticate users via LDAP, and nscd is a passwd, group and host lookup daemon that caches results so the LDAP server is not queried every time a lookup or authentication is performed.

Edit the following files so that they contain the settings given below:

#vi /etc/libnss-ldap.conf
host ldap
base dc=InslyHost,dc=com
rootbinddn cn=admin,dc=InslyHost,dc=com

#vi /etc/libnss-ldap.secret
*****

#vi /etc/pam_ldap.conf
host ldap
base dc=InslyHost,dc=com
rootbinddn cn=admin,dc=InslyHost,dc=com

#vi /etc/pam_ldap.secret
*****

Next, edit the PAM configuration files:

#vi /etc/pam.d/common-account

account sufficient pam_ldap.so
account required pam_unix.so
#if you want user homedir to be created on first login
#session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent

#vi /etc/pam.d/common-auth

auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass

#vi /etc/pam.d/common-password

password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5

#vi /etc/pam.d/common-session

session sufficient pam_ldap.so
session required pam_unix.so
session optional pam_foreground.so

To make the system fall back to LDAP authentication when local authentication finds no user, you must change the NSS configuration in nsswitch.conf.

#vi /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap

With these changes, a login is first tried against the local system users (files). If no match is found, authentication proceeds against the LDAP server.
This lets you log on to any client using the credentials of any LDAP user.
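As an added post-configuration check (not part of the original article), the script below verifies three things an administrator should confirm before relying on the setup: nsswitch.conf lists ldap for passwd, group and shadow; the *.secret files that hold the rootbinddn password are readable by their owner only; and in common-auth pam_ldap.so precedes pam_unix.so, since the use_first_pass option on pam_unix.so relies on that order. The sample files it writes to a temporary directory are constructed for the demonstration; on a real client point the functions at the /etc paths from this article.

```shell
#!/bin/sh
# Added sanity check for the LDAP client configuration described above.

# check_nsswitch FILE: each of passwd/group/shadow must include the "ldap" source.
check_nsswitch() {
    for db in passwd group shadow; do
        grep -E "^[[:space:]]*$db:.*[[:space:]]ldap([[:space:]]|\$)" "$1" >/dev/null || return 1
    done
}

# check_secret_perms FILE: group and other permission bits must all be clear
# (mode 0600 or 0400), otherwise the bind password is exposed to local users.
check_secret_perms() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# check_pam_auth_order FILE: among the "auth" lines, pam_ldap.so must appear
# on an earlier line than pam_unix.so (commented lines are ignored).
check_pam_auth_order() {
    ldap=$(grep -nE '^[[:space:]]*auth[[:space:]].*pam_ldap\.so' "$1" | head -n1 | cut -d: -f1)
    unix=$(grep -nE '^[[:space:]]*auth[[:space:]].*pam_unix\.so' "$1" | head -n1 | cut -d: -f1)
    [ -n "$ldap" ] && [ -n "$unix" ] && [ "$ldap" -lt "$unix" ]
}

# Constructed sample files so the checks can be exercised without a real client.
DEMO=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n' > "$DEMO/nsswitch.conf"
printf 'auth sufficient pam_ldap.so\nauth required pam_unix.so nullok_secure use_first_pass\n' > "$DEMO/common-auth"
printf 'auth required pam_unix.so\nauth sufficient pam_ldap.so\n' > "$DEMO/common-auth.wrong"
printf 'secret\n' > "$DEMO/pam_ldap.secret"; chmod 600 "$DEMO/pam_ldap.secret"
printf 'secret\n' > "$DEMO/leaky.secret";    chmod 644 "$DEMO/leaky.secret"

# On a real client, run the same functions against /etc/nsswitch.conf,
# /etc/libnss-ldap.secret, /etc/pam_ldap.secret and /etc/pam.d/common-auth.
for f in "$DEMO/pam_ldap.secret" "$DEMO/leaky.secret"; do
    if check_secret_perms "$f"; then echo "ok   $f"; else echo "FAIL $f is readable by group/others"; fi
done
```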

