How-To set up a LDAP server and its clients — page 2


2. Configuring the clients

Each client needs a set of packages. Now that you are logged in on one of your clients, install:

# apt-get install libnss-ldap libpam-ldap nscd
LDAP Account for root: cn=admin,dc=debuntu,dc=local
Password: XXXX
Make local root database admin: yes
Database require logging in: No
Root login account: cn=admin,dc=debuntu,dc=local
Root login password: XXXX

libnss-ldap allows us to use LDAP as a naming service, libpam-ldap allows PAM to authenticate users through LDAP, and nscd is a password, group and host lookup daemon that caches results so LDAP won’t be queried every time authentication has to be done.

Now, let’s edit the files and make sure you have the following settings, starting with /etc/libnss-ldap.conf:

host ldap
base dc=debuntu,dc=local
rootbinddn cn=admin,dc=debuntu,dc=local

and the secret in /etc/libnss-ldap.secret


Then /etc/pam_ldap.conf:

host ldap
base dc=debuntu,dc=local
rootbinddn cn=admin,dc=debuntu,dc=local

and /etc/pam_ldap.secret:


The PAM configuration files need to be modified a bit, like so:


account sufficient
account required
# if you want user homedir to be created on first login
#session required umask=0022 skel=/etc/skel/ silent


auth sufficient
auth required nullok_secure use_first_pass


password sufficient
password required nullok obscure min=4 max=8 md5


session sufficient
session required
session optional

Finally, let’s edit nsswitch so the system will be able to switch from local system authentication to LDAP authentication.


passwd: files ldap
group: files ldap
shadow: files ldap

With these settings, login is tried against the local system users first. If no match is found, the system then tries to authenticate against the LDAP server.

Now you should be able to connect to any client using any LDAP user’s details.
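As a check on the settings above, the following added example (not part of the original tutorial) verifies that passwd, group and shadow in nsswitch list files before ldap, and that the two secret files are non-empty and readable only by their owner. The function names and the --audit switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit an LDAP client.

# check_nss_order FILE: succeed only if passwd, group and shadow are all
# present and each lists "files" before "ldap" (local lookup first).
check_nss_order() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "passwd:" || $1 == "group:" || $1 == "shadow:" {
            f = 0; l = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "ldap"  && !l) l = i
            }
            seen[$1] = 1
            if (!f || !l || f > l) { print "bad order: " $0; bad = 1 }
        }
        END {
            if (!seen["passwd:"] || !seen["group:"] || !seen["shadow:"]) {
                print "passwd, group or shadow entry missing"; bad = 1
            }
            exit bad + 0
        }' "$1"
}

# check_secret_mode FILE: succeed only if FILE is non-empty and gives no
# access to group or other; it stores the rootbinddn password in clear.
check_secret_mode() {
    [ -s "$1" ] || { echo "missing or empty: $1"; return 1; }
    perms=$(ls -ldL "$1" | cut -c5-10)          # group + other bits
    [ "$perms" = "------" ] && return 0
    echo "readable beyond owner ($perms): $1"
    return 1
}

# Live audit of the paths used on this page: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    rc=0
    check_nss_order /etc/nsswitch.conf || rc=1
    for s in /etc/libnss-ldap.secret /etc/pam_ldap.secret; do
        check_secret_mode "$s" || rc=1
    done
    exit "$rc"
fi
```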

This tutorial is far from being complete, but you should be able to get started :).