How to configure Ubuntu as an LDAP client?

ldap client

Solution 1:

The contents of this post are based on this guide. It should work fine in 12.04.

  1. Issue the following command:

    sudo apt-get install ldap-utils libpam-ldap libnss-ldap nslcd

    Note: During the installation of the above packages a dialog will pop up and ask about some LDAP configuration. Be sure to enter the correct values for your LDAP configuration.

  2. Edit /etc/nsswitch.conf (via sudo). Append "ldap" to these lines:

    #Original file looks like this 
passwd: compat 
group : compat  
shadow: compat 

#After appending "ldap" lines look like these
passwd: compat ldap
group : compat ldap  
shadow: compat ldap

  3. Comment out the line rootbinddn, I'm not sure why we need to do that.

  4. Edit /etc/pam.d/login (via sudo) and paste:

    session required pam_mkhomedir.so skel=/etc/skel umask=0022

  5. Edit /etc/pam.d/lightdm (via sudo) and paste:

    session required pam_mkhomedir.so skel=/etc/skel umask=0022

  6. Issue this command:

    sudo update-rc.d nslcd enable

You should be able to log in as an LDAP user after a reboot. If you don't reboot the machine, you must restart nscd with:

/etc/init.d/nscd restart

Likely problems and solutions:

  • Logging in as an LDAP user takes a very long time (minutes): It's very likely that nss-lap is having problems finding the user's group. Make sure that the user is in a group recognized locally, or that the user is in a group defined in LDAP. Make sure that, if the group is defined in LDAP, that it's a real POSIX group.
  • Always check the /var/log/auth.log log file. If you see "unable to contact ldap server", check whether the LDAP server is reachable and the port is open.
  • Try to ping the LDAP server by name
  • Try to check whether the LDAP port is open:
    • LDAP can listen on different ports, but can usually be found on 389 and 636
    • You can check that a port is open by using telnet:
    • telnet 389 or telnet 636
    • If you see any characters on the console then the port is open and the LDAP server should be running.
    • If you see nothing or get an error message, either the LDAP server is not running or something (such as a firewall) is preventing the connection.

Solution 2:

To get the home directory automatically created on login, I had to put the line:

session required pam_mkhomedir.so skel=/etc/skel umask=0022

into /etc/pam.d/common-session instead of /etc/pam.d/login - when I just had it in the later my home directory was not created.

Solution 3:

sudo apt-get install ldap-utils libpam-ldap libnss-ldapd nslcd

Use libnss-ldapd instead.

Per bug:https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1024475

Related

How do I make Chromium use Flash from Google Chrome?
How can I remove "Set Up Mail" and other entries from the message indicator?
Is there an Ubuntu Touch emulator or a way to install it in a VM?
How to combine multiple commands in terminal?
How to configure my system so that all windows start maximized?
dpkg-divert: error: rename involves overwriting error after upgrading from 16.04 to 16.10
What command is executed when shutdown from the graphical menu in 14.04?
How can I fix Broadcom driver Wifi with 4.15.0-xx kernel on Ubuntu 16.04
How do I enable Middle mouse button emulation in 12.04 LTS?
How can I adjust the transparency of the Status Bar (top panel)?
How to remove xubuntu-desktop?
How do I increase the font size in Ubuntu 18.04 LTS for a HDPI / 4K display?