Install the client packages:
sudo apt-get update
sudo apt-get -y install libnss-ldapd libpam-ldapd ldap-utils nscd
 
During the installation, some variables must be provided as follows:
  1. LDAP server URI: ldaps://LDAPSERVER:PORTNUMBER/
  2. Distinguished name of the search base: “dc=kimconnect,dc=com”
  3. LDAP version to use: [default]
  4. Make local root Database admin: [default]
  5. Does the LDAP database require login? No
  6. LDAP account for root: [default or “cn=root,dc=kimconnect,dc=com”]
  7. LDAP root account password: [none or {Your-LDAP-root-password}]
Modify LDAP configs: sudo vim /etc/nslcd.conf
uid nslcd
gid nslcd
uri ldaps://LDAPSERVER:PORTNUMBER/
base dc=kimconnect,dc=com
 
# These are manually added to enable SSL
ssl on
# "never" accepts any server certificate: the session is encrypted but the server is not verified.
# "demand" rejects a server whose certificate does not chain to tls_cacertfile.
tls_reqcert never
tls_cacertfile /etc/ssl/certs/kimconnect.com.pem
 
Configure the name service switch so that user, group and shadow lookups also query LDAP:
sudo vim /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
 
Create home directories on first login:
sudo vim /etc/pam.d/common-session
# Add this line to EOF
session required pam_mkhomedir.so skel=/etc/skel umask=0022
Assign a local group to LDAP users: run sudo vim /etc/pam.d/common-auth and edit the “primary” block
 
# this is not used currently
auth required pam_group.so use_first_pass

# This is used currently
# success=N skips the next N modules in the stack: a local pam_unix success bypasses pam_ldap,
# and minimum_uid=1000 keeps system accounts from ever being authenticated against LDAP.
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 use_first_pass
Add Certificates: vim /etc/ldap/ldap.conf
TLS_REQCERT never
TLS_CACERT /etc/ssl/certs/kimconnect.com.pem
TLS_CRLCHECK all
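Both the nslcd.conf block and the ldap.conf block above turn certificate checking off with "never". The script below is an added example, not part of the original page: it reads the TLS keys out of an nslcd.conf-style or ldap.conf-style file and reports whether the client will actually verify the LDAP server's certificate. The two sample files are constructed inline from the page's own settings and written to temporary files; the real paths (/etc/nslcd.conf, /etc/ldap/ldap.conf) are not touched.

```shell
#!/bin/sh
# Added example (not from the original page): audit the TLS settings of an
# nslcd.conf and an ldap.conf so that a client which silently skips server
# certificate verification (tls_reqcert never / TLS_REQCERT never) is caught.
# Sample configs are constructed below and written to temporary files.

# cfg_get FILE KEY: print the value of the first non-comment "KEY value" line.
cfg_get() {
    sed -n -e '/^[[:space:]]*#/d' \
           -e "s/^[[:space:]]*$2[[:space:]]\{1,\}\(.*\)$/\1/p" "$1" | head -n 1
}

# audit_tls FILE REQCERT_KEY CACERT_KEY: returns 0 if the file demands
# verification and names a CA file, 1 otherwise (reasons are printed).
audit_tls() {
    file="$1"; reqcert_key="$2"; cacert_key="$3"; rc=0
    reqcert=$(cfg_get "$file" "$reqcert_key")
    cacert=$(cfg_get "$file" "$cacert_key")
    case "$reqcert" in
        demand|hard) ;;   # server certificate must chain to the configured CA
        *) echo "WEAK: $reqcert_key is '${reqcert:-unset}'; set it to demand"; rc=1 ;;
    esac
    [ -n "$cacert" ] || { echo "WEAK: $cacert_key not set"; rc=1; }
    return $rc
}

# nslcd.conf uses lowercase keys, ldap.conf uses uppercase ones.
audit_nslcd()    { audit_tls "$1" tls_reqcert tls_cacertfile; }
audit_ldapconf() { audit_tls "$1" TLS_REQCERT TLS_CACERT; }

# Constructed sample: the page's nslcd.conf as written (verification disabled).
WEAK_NSLCD=$(mktemp)
cat > "$WEAK_NSLCD" <<'EOF'
uid nslcd
gid nslcd
uri ldaps://LDAPSERVER:PORTNUMBER/
base dc=kimconnect,dc=com
ssl on
tls_reqcert never
tls_cacertfile /etc/ssl/certs/kimconnect.com.pem
EOF

# Constructed sample: the same file with verification required.
SAFE_NSLCD=$(mktemp)
sed 's/^tls_reqcert never$/tls_reqcert demand/' "$WEAK_NSLCD" > "$SAFE_NSLCD"

# Constructed sample: the page's ldap.conf with TLS_REQCERT hardened.
SAFE_LDAPCONF=$(mktemp)
cat > "$SAFE_LDAPCONF" <<'EOF'
TLS_REQCERT demand
TLS_CACERT /etc/ssl/certs/kimconnect.com.pem
TLS_CRLCHECK none
EOF

audit_nslcd "$WEAK_NSLCD"       || echo "-> $WEAK_NSLCD needs hardening"
audit_nslcd "$SAFE_NSLCD"       && echo "-> $SAFE_NSLCD verifies the server certificate"
audit_ldapconf "$SAFE_LDAPCONF" && echo "-> $SAFE_LDAPCONF verifies the server certificate"
```

Running it prints a WEAK line for the page's nslcd.conf and passes the two hardened files. Once tls_cacertfile really holds the CA that signed the server certificate, "demand" is the value to keep; "never" only makes sense while first debugging the chain.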
 
Mount the file server export that holds the home directories of LDAP users, so pam_mkhomedir can create each user's directory there:
sudo vim /etc/fstab
#### FILESERVER01 HOME DIRECTORY for LDAP USERS ####
FILESERVER01:/mnt/array1/kimconnect_homes /nfs/home nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
 
Apply the PAM changes and restart the name service cache:
sudo pam-auth-update
sudo /etc/init.d/nscd restart
 
Test commands:
id
id {username}
getent passwd
getent shadow
getent group
 
Note: on the first login with a new account, the profile is built in the background. A blank screen appears for a short while, then the user is returned to the login screen; a second login succeeds.
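The test commands and the first-login note above can be turned into a small post-setup check. The script below is an added example, not part of the original page: it tells apart "the account does not resolve through NSS at all" (nsswitch.conf, nslcd or nscd problem) from "the account resolves but its home directory is not there yet" (the first-login case). It only uses getent, so it runs against local accounts too; the /nfs/home prefix is taken from the fstab line above as an assumption, and "no-such-user-constructed" is a made-up name.

```shell
#!/bin/sh
# Added example (not from the original page): post-setup account check built
# on getent, the same tool the page's test commands use.

# home_of USER: the home directory field of the account's passwd entry.
home_of() { getent passwd "$1" | cut -d: -f6; }

# verify_user USER
#   0 = resolves via NSS and the home directory exists
#   1 = resolves, home missing (pam_mkhomedir creates it on first login)
#   2 = not found via NSS (check nsswitch.conf, nslcd.conf and nscd)
verify_user() {
    user="$1"
    entry=$(getent passwd "$user") || { echo "$user: not found via NSS"; return 2; }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    if [ -d "$home" ]; then
        echo "$user: uid=$uid home=$home present"
        return 0
    fi
    echo "$user: uid=$uid home=$home missing; it will be created on first login"
    return 1
}

# Assumption taken from the fstab line above: LDAP users' homes live under /nfs/home.
LDAP_HOME_PREFIX=/nfs/home

# home_is_on_nfs USER: 0 if the account's home directory sits under the NFS mount,
# which is what a correctly provisioned LDAP account should show.
home_is_on_nfs() {
    case "$(home_of "$1")" in
        "$LDAP_HOME_PREFIX"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo: a local account that always exists, and a constructed name that does not.
verify_user root || true
verify_user no-such-user-constructed || true
```

For an LDAP account, run verify_user {username} before the first interactive login: exit code 2 means the lookup path is broken and no amount of logging in will help, exit code 1 is the expected state before pam_mkhomedir has run, and home_is_on_nfs {username} confirms the account's home attribute points at the mounted export rather than a local path.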