Steps to set up LDAP client
How to set up LDAP clients?
This article shows how to set up a Linux client to authenticate users via LDAP when the user does not exist in the local system's account files.
Each client needs a set of packages. Log in to the client and install:
#apt-get install libnss-ldap libpam-ldap nscd
During installation the packages prompt for their settings; the values used in this article are:
LDAP account for root: cn=admin,dc=eukhost,dc=com
Password: *****
Make local root database admin: yes
Does the database require login? No
Root login account: cn=admin,dc=eukhost,dc=com
Root login password: *****
Here, libnss-ldap lets the system use LDAP as a name service (NSS), libpam-ldap lets PAM authenticate users against LDAP, and nscd is a passwd, group and host lookup daemon that caches results so that the LDAP server is not queried every time an authentication is needed.
Next, edit the following files so that they contain the settings below. The two .secret files hold the rootbinddn password in clear text, so they must be owned by root and readable only by root (mode 0600):
#vi /etc/libnss-ldap.conf
host ldap
base dc=eukhost,dc=com
rootbinddn cn=admin,dc=ownwebservsers,dc=com
#vi /etc/libnss-ldap.secret
*****
#vi /etc/pam_ldap.conf
host ldap
base dc=eukhost,dc=com
rootbinddn cn=admin,dc=ownwebservsers,dc=com
#vi /etc/pam_ldap.secret
*****
Now edit the PAM configuration files. In each stack pam_ldap.so is listed as sufficient before pam_unix.so, so a successful LDAP result ends the stack and the local account database is only consulted when LDAP does not accept the user:
#vi /etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so
#if you want user homedir to be created on first login
#session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent
#vi /etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
#vi /etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
#vi /etc/pam.d/common-session
session sufficient pam_ldap.so
session required pam_unix.so
session optional pam_foreground.so
To switch the system from local authentication to LDAP authentication, you also have to edit nsswitch.conf so that name service lookups consult LDAP:
# vim /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
With these changes, lookups are tried against the local system users first; if no match is found, the lookup proceeds to the LDAP server.
You can now log in to any client using the credentials of any LDAP user.
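As an added check (not part of the original article), the following POSIX shell script verifies a client configured this way: nsswitch.conf lists ldap for passwd, group and shadow, libnss-ldap.conf and pam_ldap.conf agree on host, base and rootbinddn, the .secret files are not readable by other users, and TLS is requested. The file names and the ssl start_tls option are those of pam_ldap/libnss-ldap; the script and its function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original article: sanity checks for a client
# configured as above. Functions take file paths, so they work on /etc or on copies.

# Succeeds if passwd, group and shadow in nsswitch.conf all list "ldap".
nss_has_ldap() {
    for db in passwd group shadow; do
        grep -Eq "^[[:space:]]*${db}:.*[[:space:]]ldap([[:space:]]|$)" "$1" || return 1
    done
}

# Prints the value of one key from a pam_ldap.conf / libnss-ldap.conf style file.
ldap_conf_get() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# Succeeds if both files agree on host, base and rootbinddn; the article keeps
# identical copies and drift between them breaks either lookups or logins.
ldap_confs_agree() {
    [ -f "$1" ] && [ -f "$2" ] || return 1
    for key in host base rootbinddn; do
        [ "$(ldap_conf_get "$1" "$key")" = "$(ldap_conf_get "$2" "$key")" ] || return 1
    done
}

# Succeeds if the .secret file (rootbinddn password) exists with no group/other bits.
secret_is_private() {
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in *00) return 0 ;; *) return 1 ;; esac
}

# Succeeds if TLS is enabled ("ssl start_tls" or "ssl on"); with only "host ldap"
# the bind password and user passwords cross the network in clear text.
ldap_conf_uses_tls() {
    case "$(ldap_conf_get "$1" ssl)" in start_tls|on) return 0 ;; *) return 1 ;; esac
}

# Runs every check against config directory $1 (default /etc), one line per finding.
ldap_client_check() {
    d="${1:-/etc}"; rc=0
    nss_has_ldap "$d/nsswitch.conf" || { echo "nsswitch.conf: ldap missing from passwd/group/shadow"; rc=1; }
    ldap_confs_agree "$d/libnss-ldap.conf" "$d/pam_ldap.conf" || { echo "libnss-ldap.conf and pam_ldap.conf disagree"; rc=1; }
    for f in "$d/libnss-ldap.secret" "$d/pam_ldap.secret"; do
        secret_is_private "$f" || { echo "$f: must exist and be mode 0600"; rc=1; }
    done
    ldap_conf_uses_tls "$d/pam_ldap.conf" || { echo "pam_ldap.conf: no 'ssl start_tls', password sent in clear"; rc=1; }
    return $rc
}

# Usage: sh ldap-client-check.sh --check [/path/to/config/dir]
if [ "${1:-}" = "--check" ]; then ldap_client_check "${2:-/etc}"; fi
```

Run it as root against the live files with --check; run against the configuration shown in this article it reports the missing ssl start_tls line, since that configuration binds without TLS.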