{"id":446,"date":"2013-05-09T11:05:56","date_gmt":"2013-05-09T10:05:56","guid":{"rendered":"http:\/\/blog.thogersens.net\/?p=446"},"modified":"2015-01-10T21:29:14","modified_gmt":"2015-01-10T19:29:14","slug":"ubuntu-ldap-client-config","status":"publish","type":"post","link":"https:\/\/jakobsens.net\/?p=446","title":{"rendered":"Ubuntu LDAP Client Config"},"content":{"rendered":"<p><strong>The below is copied from the blog <a href=\"http:\/\/devnotcorp.wordpress.com\/2011\/05\/10\/ldap-authentication-for-ubuntu-client\/\">devnotcorp<\/a><\/strong><br \/>\nIt&#8217;s the simplest way I have found enabling LDAP authentication for Ubuntu. I have tested it on Ubuntu 13.04<\/p>\n<p style=\"padding-left: 30px;\">1. <strong>sudo apt-get install libnss-ldap libpam-ldap ldap-auth-config<br \/>\n<\/strong><\/p>\n<p style=\"padding-left: 60px;\">Installs auth-client-config ldap-auth-client ldap-auth-config libnss-ldap libpam-ldap and configures \/etc\/ldap.conf.<br \/>\nDuring install the following settings can be configured:<\/p>\n<p style=\"padding-left: 60px;\">Should debconf manage LDAP configuration? Yes<br \/>\nLDAP server Uniform Resource Identifier: ldapi:\/\/ldap.mydomain<br \/>\nIf you see errors like the following in your \/var\/log\/auth.log, try to change ldapi to ldap:<br \/>\nMay 10 12:47:30 sonar getent: nss_ldap: could not connect to any LDAP server as (null) &#8211; Can&#8217;t contact LDAP server<br \/>\nMay 10 12:47:30 sonar getent: nss_ldap: failed to bind to LDAP server ldapi:\/\/ldap.mydomain: Can&#8217;t contact LDAP server<br \/>\nMay 10 12:47:30 sonar getent: nss_ldap: could not search LDAP server &#8211; Server is unavailable<br \/>\nDistinguished name of the LDAP search base: dc=mydomain,dc=com<br \/>\nLDAP version to use: 3<br \/>\nMake local root Database admin: No<br \/>\nDoes the LDAP database require login? No<br \/>\nLocal crypt to use when changing passwords: md5<\/p>\n<p style=\"padding-left: 60px;\">You can reconfigure the settings later on with<br \/>\nsudo dpkg-reconfigure ldap-auth-config<\/p>\n<p style=\"padding-left: 30px;\">2. <strong>sudo auth-client-config -t nss -p lac_ldap<\/strong><\/p>\n<p style=\"padding-left: 60px;\">Configures \/etc\/nssswitch.conf.<\/p>\n<p style=\"padding-left: 30px;\">3. <strong>sudo pam-auth-update<\/strong><\/p>\n<p style=\"padding-left: 60px;\">Configures \/etc\/pam.d\/common-session.<br \/>\nSelect the authentication methods to enable.<\/p>\n<p>Now you can login to this client using your username and password stored in the LDAP directory, but you have no homedir.<\/p>\n<p>So add this line to \/etc\/pam.d\/common-session:<\/p>\n<p style=\"padding-left: 30px;\">4. <strong>session required pam_mkhomedir.so skel=\/etc\/skel\/ umask=0022<br \/>\n<\/strong><\/p>\n<p style=\"padding-left: 60px;\">Creates homedir for user if it doesn\u2019t exist.<\/p>\n<p>To be able to type in user name during login (found as a comment for another LDAP client configuration)<\/p>\n<p style=\"padding-left: 30px;\">5. <strong>sudo \/usr\/lib\/lightdm\/lightdm-set-defaults -m true<\/strong><\/p>\n<p>That&#8217;s it \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The below is copied from the blog devnotcorp It&#8217;s the simplest way I have found enabling LDAP authentication for Ubuntu. I have tested it on Ubuntu 13.04 1. sudo apt-get install libnss-ldap libpam-ldap ldap-auth-config Installs auth-client-config ldap-auth-client ldap-auth-config libnss-ldap libpam-ldap and configures \/etc\/ldap.conf. During install the following settings can be configured: Should debconf manage LDAP [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-446","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/posts\/446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jakobsens.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=446"}],"version-history":[{"count":7,"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/posts\/446\/revisions"}],"predecessor-version":[{"id":735,"href":"https:\/\/jakobsens.net\/index.php?rest_route=\/wp\/v2\/posts\/446\/revisions\/735"}],"wp:attachment":[{"href":"https:\/\/jakobsens.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jakobsens.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jakobsens.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}