Ashoori Group

Setting up LDAP

06/30/2015

sudo apt-get update

sudo apt-get install nslcd

There will be a few prompts:

LDAP server URI: ldap://192.168.0.1

LDAP server search base: dc=ashoori,dc=edu

Just hit OK at the next screen.

Edit nsswitch.conf:

sudo vim /etc/nsswitch.conf

On lines 7, 8, and 9 (starting with passwd, group, and shadow respectively) add the word ldap after compat with a space in between. Save and quit.

Edit /etc/pam.d/common-auth:

sudo vim /etc/pam.d/common-auth

At the bottom, add the following line:

session required pam_mkhomedir.so skel=/etc/skel umask=0022

Restart nscd and nslcd:

sudo service nscd restart

sudo service nslcd restart

Test by typing: id (your electron login name)
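The two file edits above can be checked with a short script; this is an added example, not part of the original page. The function names and the --system flag are made up for this script. Because id also succeeds for purely local accounts, the last check confirms the login has no entry in /etc/passwd.

```shell
#!/bin/sh
# Added example (not from the original page): verify the edits made above.
# File paths are arguments so the checks also work on copies of the files.

# check_nsswitch FILE: succeed only if passwd, group and shadow all list ldap.
check_nsswitch() {
    rc=0
    for db in passwd group shadow; do
        # Keep what follows "db:", strip any comment, look for the word ldap.
        if ! sed -n "s/^[[:space:]]*$db:[[:space:]]*//p" "$1" |
             sed 's/#.*//' | grep -qw ldap; then
            echo "nsswitch: '$db' does not list ldap" >&2
            rc=1
        fi
    done
    return "$rc"
}

# check_mkhomedir FILE: succeed if an uncommented session line loads pam_mkhomedir.so.
check_mkhomedir() {
    grep -Eq '^[[:space:]]*session[[:space:]][^#]*pam_mkhomedir\.so' "$1" || {
        echo "pam: no pam_mkhomedir.so session line in $1" >&2
        return 1
    }
}

# resolves_remotely USER [PASSWD_FILE]: the name resolves through NSS but has no
# entry in the local passwd file, so a directory source answered, not /etc/passwd.
resolves_remotely() {
    getent passwd "$1" >/dev/null && ! grep -q "^$1:" "${2:-/etc/passwd}"
}

# Run against the live system only when asked: sh check_ldap.sh --system LOGIN
if [ "${1:-}" = "--system" ]; then
    check_nsswitch /etc/nsswitch.conf && echo "nsswitch.conf: ok"
    check_mkhomedir /etc/pam.d/common-auth && echo "common-auth: ok"
    resolves_remotely "$2" && echo "$2: resolved from the directory"
fi
```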


--- old ---

This assumes that your user ID (UID) on the local machine and your UID on electron match. Use these instructions to change your UID if need be. (Note: if your user ID doesn't exist on the local machine BEFORE setting up LDAP, there is no need to create one. All you need to install LDAP on the local machine is a root account.)

Make sure the network turns on at boot.
As root: edit /etc/network/interfaces
Add lines to end:


auto eth0
iface eth0 inet dhcp

Note: On current versions of Ubuntu, all you need to do is uncomment the "iface" line; they're already there.


Installing ldap auth on Ubuntu

Make sure root has a password (type "sudo passwd root" to do so)

apt-get install libnss-ldap

A somewhat archaic-looking selection prompt should appear. Enter the following:

Server is ldap://192.168.0.1/    (The first prompt will read "ldapi:///". We will be using ldap as opposed to ldapi. The extra "/" is apparently due to the program's assumption that the host server is on the current machine [in our case this is what the line would read if you left out "192.168.0.1"]. If you can change it here, make sure the line reads ldap://192.168.0.1/, otherwise you'll have to change it in the /etc/ldap.conf file as mentioned below. Remember to run sudo service libnss-ldap restart if you do change it.)

distinguished name is dc=electron

ldap version 3

do not make local root database admin

ldap does not require login

all other settings accept default.

Make sure that /etc/ldap.conf reads "uri ldap://192.168.0.1/". The installer seems to like to throw in an extra "/". If you change this file, restart ldap by running: sudo service libnss-ldap restart

Run:

sudo auth-client-config -t nss -p lac_ldap
sudo pam-auth-update
apt-get install nscd


Debian:

apt-get install libnss-ldap

Server is ldap:///192.168.0.1/
distinguished name is dc=electron
ldap version 3
do not make local root database admin
ldap does not require login
all other settings accept default.

edit /etc/nsswitch.conf
Add the word ldap after compat on the passwd, group, shadow lines so it reads

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

 

FOR ALL OPERATING SYSTEMS:


Copy /etc/pam.d/common-auth off another lab ubuntu machine, such as spin (or just copy the last line).

restart nscd:

/etc/init.d/nscd restart

 


Useful link:

http://www.debuntu.org/ldap-server-and-linux-ldap-clients