Configure LDAP Client on Ubuntu 20.04|18.04|16.04 | ComputingForGeeks

Jovan Stosic April 24, 2021

Configure LDAP Client on Ubuntu 20.04|18.04|16.04

By

Josphat Mutai

62725
2
You can support us by downloading this article as PDF from the Link below.Download the guide as PDF

This is a guide on how to configure an Ubuntu 20.04|18.04 & Ubuntu 16.04 LTS servers to authenticate against an LDAP directory server. LDAP is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services.

I expect you already have a running LDAP server, if not, use our guides below to set it up:

How to Install and configure OpenLDAP on Ubuntu LTS

Once you have LDAP server configured and user accounts added, you can proceed to install and configure LDAP client.

Install and Configure LDAP Client on Ubuntu 20.04|18.04 & Ubuntu 16.04 LTS

Add LDAP server address to /etc/hosts file if you don’t have an active DNS server in your network.

$ sudo vim /etc/hosts
192.168.18.50 ldap.example.com

Install LDAP client utilities on your Ubuntu system:

sudo apt -y install libnss-ldap libpam-ldap ldap-utils

Begin configuring the settings to look like below

1. Set LDAP URI- This can be IP address or hostname

ldap client ubuntu 18.04 add uri min

2. Set a Distinguished name of the search base

ldap client ubuntu 18.04 set search base distinguished name min

3. Select LDAP version 3

ldap client ubuntu 18.04 set ldap version min

4. Select Yes for Make local root Database admin

ldap client ubuntu 18.04 make local root database admin min

5. Answer No for Does the LDAP database require login?

ldap client ubuntu 18.04 does ldap require login no min

6. Set LDAP account for root, something like cn=admin,cd=example,cn=com

ldap client ubuntu 18.04 set admin ldap account min

7. Provide LDAP root account Password

ldap client ubuntu 18.04 enter ldap admin pass min

After the installation, edit /etc/nsswitch.confand add ldap authentication to passwd and group lines.

passwd: compat systemd ldap
group: compat systemd ldap
shadow: compat

Modify the file /etc/pam.d/common-password. Remove use_authtok on line 26 to look like below.

password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass

Enable creation of home directory on first login by adding the following line to the end of file /etc/pam.d/common-session

session optional pam_mkhomedir.so skel=/etc/skel umask=077

See below screenshot:

ldap client enable home creation min

Test by switching to a user account on LDAP

root@server1:~# su - jmutai
Creating directory '/home/jmutai'.
jmutai@server1:~$ id
uid=10000(jmutai) gid=10000(sysadmins) groups=10000(sysadmins)

That’s all. If you need advanced centralized user management platform, see

Source: Configure LDAP Client on Ubuntu 20.04|18.04|16.04 | ComputingForGeeks

Configure LDAP Client on Ubuntu 20.04|18.04|16.04 | ComputingForGeeks was last modified: April 24th, 2021 by Jovan Stosic

Leave a Reply