Sunday 29 June 2014

Set up an OpenLDAP client

(1)  Install the following packages:
apt-get install ldap-utils libpam-ldap libnss-ldap nslcd
(nslcd is the lookup daemon that belongs to libnss-ldapd and reads /etc/nslcd.conf; the settings below are for libnss-ldap and libpam-ldap, which read /etc/ldap.conf.)
During the installation you will be asked several questions:
   a). configuring ldap-auth-config, which initially shows:
         ldapi:///
       we need to change this to:
         ldap://macondo04.eait.uq.edu.au
       note that it is ldap rather than ldapi, and that there are only two "/" rather than three: ldapi:/// names a local Unix-domain socket, which only exists on the LDAP server itself, whereas ldap:// is followed by the server's host name.
    b). Distinguished name of the search base. Change this to:
         dc=macondo04,dc=eait,dc=uq,dc=edu,dc=au
    c). LDAP version to use: select 3.
    d). Make local root database admin: select Yes. The root bind password you enter in (g) is then stored in /etc/ldap.secret, which must be readable by root only (mode 0600); check that after the install.
    e). Does the LDAP database require login? No (ordinary lookups use an anonymous bind).
    f). LDAP account for root:
         cn=admin,dc=macondo04,dc=eait,dc=uq,dc=edu,dc=au
    g). LDAP root account password: Your-LDAP-root-password
    h). LDAP server URI:
          ldap://macondo04.eait.uq.edu.au/
    i).  LDAP server search base:
          dc=macondo04,dc=eait,dc=uq,dc=edu,dc=au

This wizard is actually a procedure to configure /etc/ldap.conf. Make sure it looks like this (the uri must use ldap://, as entered above; an ldapi:// URI would make the client look for a local socket and fail):

base dc=macondo04,dc=eait,dc=uq,dc=edu,dc=au
uri ldap://macondo04.eait.uq.edu.au/
ldap_version 3
rootbinddn cn=admin,dc=macondo04,dc=eait,dc=uq,dc=edu,dc=au
pam_password md5

Two things to be aware of: a plain ldap:// URI talks to port 389 without encryption, so user and root bind passwords cross the network in the clear unless the server offers TLS and you add "ssl start_tls" (with tls_cacertfile pointing at the CA certificate that signed the server's certificate) or switch to an ldaps:// URI. And "pam_password md5" hashes new passwords with MD5 on the client before storing them; "pam_password exop" uses the LDAP Password Modify extended operation so that the server applies its own, stronger, password hashing.
If one wants to go through this process again, one can do
dpkg-reconfigure ldap-auth-config
(2)  Modify the /etc/nsswitch.conf file so that users and groups are also looked up in LDAP after the local files:
#Original file looks like this
passwd: compat
group:  compat
shadow: compat

#After appending "ldap", the lines look like these
passwd: compat ldap
group:  compat ldap
shadow: compat ldap
(3)  Execute the following commands to make sure that if a user doesn't have a home folder yet, the system creates one at login. /etc/pam.d/login and /etc/pam.d/lightdm both @include common-session, so the third line on its own is enough; the first two only add a redundant (harmless) second pam_mkhomedir call. Note that umask=0022 creates the home directory as 0755, readable by every other user on the machine; use umask=0077 if home directories should be private.
echo "session required pam_mkhomedir.so skel=/etc/skel umask=0022" >> /etc/pam.d/login
echo "session required pam_mkhomedir.so skel=/etc/skel umask=0022" >> /etc/pam.d/lightdm
echo "session required    pam_mkhomedir.so skel=/etc/skel umask=0022" >> /etc/pam.d/common-session
(4) One also needs to make sure the NFS export holding the home directories is mounted, so that home directories come from the shared export rather than the local disk. The mount point must exist first, and the fstab entry needs the options, dump and pass fields that fstab(5) expects:
mkdir -p /home/users
echo "macondo04:/home/users /home/users nfs defaults 0 0" >> /etc/fstab
sudo mount macondo04:/home/users /home/users
If the export uses root_squash (the NFS server default), root on the client is mapped to nobody on the export and pam_mkhomedir cannot create directories there; either create the home directories on the NFS server itself or export with no_root_squash to trusted clients only.
(5) Remove the use_authtok parameter from the pam_ldap.so line in /etc/pam.d/common-password on each host and client node, so that all users can change their password with the passwd command. With use_authtok, pam_ldap only accepts a new password already collected by an earlier module in the stack; for an LDAP user pam_unix reports "user unknown" and collects nothing, so passwd fails with an authentication token manipulation error. Without it, pam_ldap prompts for the new password itself.

(6) Make sure you have restarted nscd, otherwise lookups cached before the change (including negative "no such user" answers) keep being served:
/etc/init.d/nscd restart
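The six steps above, put together as an added example (this script is mine, not the post's, and not taken from the referenced pages). It assumes the server, base DN and NFS export used throughout the post, and additionally assumes the server supports StartTLS with its CA certificate available at /etc/ssl/certs/ldap-ca.pem; the two TLS lines and pam_password exop instead of md5 are my choices, as is umask=0077. Each function edits the file it is given, re-running it changes nothing, and nothing under /etc is touched unless the script is run as root with the argument apply.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent helpers for the six
# client-setup steps. Assumed, as in the post: server macondo04.eait.uq.edu.au,
# base dc=macondo04,dc=eait,dc=uq,dc=edu,dc=au, NFS export macondo04:/home/users.
# Assumed beyond the post: the server speaks StartTLS and its CA certificate is
# at /etc/ssl/certs/ldap-ca.pem. Every function takes the file it edits as $1,
# so the steps can be tried on scratch copies before touching /etc.

LDAP_SERVER="macondo04.eait.uq.edu.au"
LDAP_BASE="dc=macondo04,dc=eait,dc=uq,dc=edu,dc=au"
LDAP_CACERT="/etc/ssl/certs/ldap-ca.pem"   # assumed path
NFS_SERVER="macondo04"

# Step 1: /etc/ldap.conf for libnss-ldap/libpam-ldap. The URI is ldap:// (no
# trailing "i", two slashes). StartTLS with peer checking keeps bind passwords
# off the wire; pam_password exop lets the server hash new passwords instead of
# the client storing an MD5 hash. rootbinddn's password goes in /etc/ldap.secret.
write_ldap_conf() {
    cat > "$1" <<EOF
base $LDAP_BASE
uri ldap://$LDAP_SERVER/
ldap_version 3
rootbinddn cn=admin,$LDAP_BASE
ssl start_tls
tls_checkpeer yes
tls_cacertfile $LDAP_CACERT
pam_password exop
EOF
}

# Step 2: append "ldap" to the passwd, group and shadow lines of nsswitch.conf,
# skipping lines that already list it, so the function can be re-run safely.
enable_ldap_nss() {
    awk '/^(passwd|group|shadow)[ \t]*:/ && $0 !~ /[ \t]ldap([ \t]|$)/ {
             print $0 " ldap"; next }
         { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Step 3: add pam_mkhomedir once. login and lightdm both @include
# common-session, so that one file is enough. umask=0077 gives a private 0700
# home; the post's umask=0022 gives 0755, readable by every local user.
add_mkhomedir() {
    grep -q 'pam_mkhomedir\.so' "$1" 2>/dev/null ||
        echo 'session required pam_mkhomedir.so skel=/etc/skel umask=0077' >> "$1"
}

# Step 4: the home export in fstab, once, with the options/dump/pass fields that
# fstab(5) expects; nosuid,nodev because the export is writable by every user.
add_nfs_home() {
    grep -q "^$NFS_SERVER:/home/users[[:space:]]" "$1" 2>/dev/null ||
        echo "$NFS_SERVER:/home/users /home/users nfs defaults,nosuid,nodev 0 0" >> "$1"
}

# Step 5: drop use_authtok from the pam_ldap.so line of common-password. With
# it, pam_ldap only accepts a token collected by an earlier module; pam_unix
# collects none for users it does not know, so passwd fails for every LDAP user.
strip_use_authtok() {
    sed -e '/pam_ldap\.so/s/[[:space:]]*use_authtok//' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Step 6 plus a check: restart nscd (it caches earlier, possibly negative,
# lookups), then confirm an LDAP user resolves through NSS and that the
# directory answers over TLS. ldapsearch reads /etc/ldap/ldap.conf, a different
# file, so TLS_CACERT must be set there as well.
verify_client() {
    /etc/init.d/nscd restart
    getent passwd "$1" >/dev/null || { echo "NSS cannot resolve $1" >&2; return 1; }
    ldapsearch -x -ZZ -H "ldap://$LDAP_SERVER/" -b "$LDAP_BASE" "(uid=$1)" dn >/dev/null
}

# Only touch the real files when asked explicitly, as root:
#   sudo sh ldap-client.sh apply <some-ldap-user>
if [ "${1:-}" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
    write_ldap_conf /etc/ldap.conf
    enable_ldap_nss /etc/nsswitch.conf
    add_mkhomedir /etc/pam.d/common-session
    mkdir -p /home/users
    add_nfs_home /etc/fstab
    mount /home/users
    strip_use_authtok /etc/pam.d/common-password
    verify_client "${2:?apply needs an LDAP user name to look up}"
fi
```

Run it once without arguments to check it parses, then `sudo sh ldap-client.sh apply someuser` on a client; the verify step fails loudly if NSS or TLS is not working, which is what you want before the first real login. pam-auth-update regenerates the common-* files, so keep the pam_mkhomedir and use_authtok changes in mind if you later add or remove PAM profiles.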

Reference:
http://askubuntu.com/questions/127389/how-to-configure-ubuntu-as-an-ldap-client
https://www.digitalocean.com/community/tutorials/how-to-authenticate-client-computers-using-ldap-on-an-ubuntu-12-04-vps
http://askubuntu.com/questions/340340/how-to-allow-ldap-user-to-change-password

