Caching OpenLDAP credentials for offline use on laptops

ubuntu laptop cache openldap

Our clients (Ubuntu 14.04) can login with there LDAP login. As soon as they have no network they cannot login with LDAP.

Is there a way to cache those passwords and usernames, so that the laptops can work if they don't have an LDAP connection?


Debian and Ubuntu provide the libpam-ccreds package, that caches network login credentials. From the package description:

This package provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable. Used in conjunction with the nss_updatedb utility, it provides a mechanism for disconnected use of network directories. They are designed to work with libpam-ldap and libnss-ldap.


You can use the sssd daemon.

It has a cache credentials feature in the config file:

cache_credentials = true

After login, the user's credentials are cached so that they can log in again without access to the LDAP server.


My OpenLDAP was a basic setup without SSL or TLS I think this was the problem.

I downloaded an appliance for OpenLDAP via http://www.turnkeylinux.org/openldap and setup it within minutes. This appliance has SSL and TLS based on a self signed certificate.

Now with the TLS configured and the self signed cert, the option ldap_tls_reqcert = never must be used in the sssd.conf file.

Related

Browser-based DNS failover using multiple A records
What's the easiest way to auto-backup an EC2 instance? [duplicate]
How do you only tar files in a directory based on a specific file name?
Seamless Remote Desktop Connection
Exchange 2010 Out of office doesn't show original senders email address
How can I see the memory usage of a Linux process?
How can I set up an Amazon RDS for PostgreSQL database to act as a replica to a non-RDS PostgreSQL database?
IP Range for internal private IP of Amazon ELB
Is it possible to limit outgoing emails in Postfix to one specific domain?
How would I add a second physical hard drive to proxmox
Apache: allow local connections to bypass basic authentication
Convert Amazon AMI to VMware image