Ubuntu LDAP Make Home Directory

ubuntu ldap mac-osx-server

I recently asked a question here about getting Ubuntu to authenticate via LDAP against an OS X server. The good news is, I got it to work and the clients are now authenticating, but my problem now is that pam_mkhomdir.so doesn't seem to be doing it's job. Here's my common-session file:

session sufficient pam_ldap.so
session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session required        pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/
session optional                        pam_ldap.so
session optional                        pam_ck_connector.so nox11
session optional pam_foreground.so

Because of this, every time an LDAP user tries to login, gdm tells them that their home directory is set to /Network/[Servername]/User/[username]. Based on this error, I'm guessing that pam_mkhomedir.so is being overridden by the LDAP provided home path, so my question is: is there a way to have the LDAP user's home directory created locally when they log in instead of it trying to use /Volumes/[Servername]/...?

Thanks in advance

Update: Kamil's response seems to have helped make some progress, but instead of gdm reporting the home directory as being set to /Network/etc..., it's saying it's set to '' (null). I tried using 

nss_map_attribute homeDirectory "/home/$username"

but this gave me the same error. Any ideas?


The way we solved this is to add another attribute to LDAP, something like linuxHomeDirectory . Then you can create a mapping in ldap.conf:

nss_map_attribute homeDirectory linuxHomeDirectory

The for each user you set the attribute in LDAP to the path you want for their Linux home dir, such as /home/$username or whatnot.

If you have your home directories served from OS X server, you can mount those with an automounter in the /Volumes/$servername/$path hierarchy on Linux and then you don't need to do any LDAP attribute mangling.

More info: Here's an article how to extend the LDAP schema in OpenDirectory: http://www.afp548.com/article.php?story=20060228230005854

To populate the user attributes you can use the ldapadd and ldapmodify tools.

Related

verify the date & time on remote linux without using ssh/rsh/ntp? [closed]
.bat file to automatically connect to VPN and add a route in Windows 7
Architecture question: adding SSL into the mix
Standalone tomcat 5.5 can't access other than on localhost
ssl domain problem for signed asterisk certificates
Windows ACL during explorer copy
Cent OS genkey bad certificate request error -8016
Update a DNS to a for a dynamic IP
ProLiant DL580 G7 E7 Upgrade Issue
Group of workstations refuse to SSH to one another, but can connect just fine in and out to others
subversion intermittently hangs (stalls) on commit
SQL Server 2008 Express edition download package