Posted On March 28, 2019

LDAP Ubuntu Client Setup

kimconnect 0 comments
blog.KimConnect.com >> Linux , Windows >> LDAP Ubuntu Client Setup
Install the client application:
sudo apt-get update
sudo apt-get -y install libnss-ldapd libpam-ldapd ldap-utils nscd
 
During the installation, some variables must be provided as follows:
  1. LDAP server URI: ldaps://LDAPSERVER:PORTNUMBER/
  2. Distinguished name should be as : “dc=kimconnect,dc=com”
  3. LDAP version to use: [default]
  4. Make local root Database admin: [default]
  5. Does the LDAP database require login? No
  6. LDAP account for root: [default or “cn=root,dc=kimconnect,dc=com”]
  7. LDAP root account password: [none or {Your-LDAP-root-password}]
Modify LDAP configs: sudo vim /etc/nslcd.conf
uid nslcd
gid nslcd
uri ldaps://LDAPSERVER:PORTNUMBER/
base dc=kimconnect,dc=com
 
# These are manually added to enable SSL
ssl on
tls_reqcert never
tls_cacertfile /etc/ssl/certs/kimconnect.com.pem
 
Configure authentication:
sudo vim /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat ldap
 
Set Home Directory:
sudo vim /etc/pam.d/common-session
# Add this line to EOF
session required pam_mkhomedir.so skel=/etc/skel umask=0022
Assign local group to users: run sudo vim /etc/pam.d/common-auth and edit the “primary” block
 
# this is not used currently
auth required pam_group.so use_first_pass
 
# This is used currently
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 use_first_pass
Add Certificates: vim /etc/ldap/ldap.conf
TLS_REQCERT never
TLS_CACERT /etc/ssl/certs/kimconnect.com.pem
TLS_CRLCHECK = allo
 
Configure machine to create home directory for ldap users:
sudo vim /etc/fstab
#### FILESERVER01 HOME DIRECTORY for LDAP USERS ####
FILESERVER01:/mnt/array1/kimconnect_homes /nfs/home nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0
 
Reload LDAP:
sudo pam-auth-update
sudo /etc/init.d/nscd restart
 
Test commands:
id
id {username}
getent passwd
getent shadow
getent group
 
Note: when login using a new account, authentication will build a profile in the background. There shall be a blank page for short while, then user is redirected back to the login screen once more. A second login will successfully connect.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Windows Special Run Commands

File Function Tabs (number in parentheses is index n discussed below) access.cpl Accessibility controls Keyboard(1),…

Nginx Apache SSL Example

-------------- NGINX -> ** /etc/nginx/sites-available/domainx.conf**server {listen 80;servername xxxxx.domainx.com;return 301 https://$host$requesturi;}server {listen 443 ssl;servername xxxxx.domainx.com;sslcertificate /etc/nginx/ssl/cert_domainx.crt;sslcertificatekey…

Distributed File System DFS

Installation:   Public Folder: FILE01 (primary) =>  FILE01 => DC01   Accounting Folder:                  Claims…