Ldap user login

After having set up a ldap replica on my home server it seems to be a good idea to use this ldap to manage the user accounts. Or to enable the existing accounts in the ldap to log in the server.
In this post I’m going to describe my setup of ldap user login.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Remove group users

I’m removing the group users as this group is being managed within my ldap.

groupdel users

Install necessary software

It’s not much needed:

aptitude install libnss-ldap libpam-ldap

After installing, debconf will ask for quite a lot of configuration info. After providing this the main work is almost done.

Check and finish configuration

Although the big part of the config is already done, have a look at /etc/libnss-ldap.conf Watch the following settings:

base dc=example,dc=net
uri ldapi:///localhost
ldap_version 3

rootbinddn cn=admin,dc=example,dc=com
scope one
timelimit 3
bind_timelimit 3

pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid

pam_min_uid 1000
pam_max_uid 5000
pam_password exop

nss_base_passwd ou=people,dc=example,dc=com
nss_base_shadow ou=people,dc=example,dc=com
nss_base_group  ou=groups,dc=example,dc=com

The edit /etc/nssswitch.conf to look like:

passwd:         files ldap
group:          files ldap
shadow:         files ldap

Enable ldap user login and testing

Enable the settings by restarting the name service cache daemon

/etc/init.d/nscd restart

Issue

getent passwd

to get a list of all users and

getent group

to get a list of all groups. Users and groups managed in the ldap should appear here.
Now ldap user login should be working for all users stored in the ldap. They have to members of the group users in the ldap of course.

2 Comments

  1. Pingback: Samba shares with LDAP

  2. In Debian 8 “Jessie” settings have been moved from /etc/libnss-ldap.conf to /etc/libpam-ldap.conf.

Leave a Reply

Your email address will not be published. Required fields are marked *