Setting up LDAP on Ubuntu Server and Ubuntu Client
With this guide you will be able to configure an LDAP server, create any number of users in it, and log in as those users from any machine on the network.
Setting up LDAP on Ubuntu Server
Install slapd and ldap-utils
sudo apt update -y
sudo apt install slapd ldap-utils -y
Configure slapd
sudo dpkg-reconfigure slapd
Select No for "Omit OpenLDAP server configuration".
Set the DNS domain name to example.com.
Set the Organization name to example.com
Enter the admin password when prompted.
Select No for "Remove the database when slapd is purged".
Select Yes for "Move old database".
Check the configuration with slapcat -b cn=config.
Populate the directory
Let’s introduce some content to the directory. We will add the following:
- A node called People, to store users
  - A user called john
- A node called Groups, to store groups
  - A group called miners
Create an LDIF file named add_content.ldif with the following content (each entry must be separated from the next by a blank line, otherwise ldapadd rejects the file):
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=miners,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: miners
gidNumber: 5000

dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
gidNumber: 5000
userPassword: {CRYPT}x
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
Note: it’s important that uid and gid values in your directory do not collide with local values. You can use high number ranges, such as starting at 5000 or even higher.
Add the content to LDAP:
ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif
Enter the LDAP admin password when prompted.
Verify
Check the user:
ldapsearch -x -LLL -b dc=example,dc=com '(uid=john)' cn gidNumber
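The population steps above, as a script. This is an added example and not part of the original guide: it builds the same four add_content.ldif records from shell functions (with the blank line that has to separate LDIF records), checks the chosen uidNumber/gidNumber against the local passwd and group files before importing, as the note above asks, and only then calls ldapadd. The base DN, container names, group and user come from the guide; the sample passwd/group data inside the script is constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide: generate the add_content.ldif
# records, check the ids against local accounts, then import with ldapadd.
# dc=example,dc=com, People, Groups, miners and john are taken from the guide;
# the sample passwd/group data below is constructed for offline testing.

# Emit an organizationalUnit record, followed by the blank line that separates
# LDIF records: ou_ldif <ou>
ou_ldif() {
  printf 'dn: ou=%s,dc=example,dc=com\nobjectClass: organizationalUnit\nou: %s\n\n' "$1" "$1"
}

# Emit a posixGroup record: group_ldif <cn> <gidNumber>
group_ldif() {
  printf 'dn: cn=%s,ou=Groups,dc=example,dc=com\nobjectClass: posixGroup\ncn: %s\ngidNumber: %s\n\n' \
    "$1" "$1" "$2"
}

# Emit a posixAccount record: user_ldif <uid> <givenName> <sn> <uidNumber> <gidNumber>
# userPassword is the deliberate placeholder {CRYPT}x from the guide; it cannot
# match any password, so the account is unusable until ldappasswd sets a real one.
user_ldif() {
  printf 'dn: uid=%s,ou=People,dc=example,dc=com\n' "$1"
  printf 'objectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: shadowAccount\n'
  printf 'uid: %s\nsn: %s\ngivenName: %s\ncn: %s %s\ndisplayName: %s %s\n' \
    "$1" "$3" "$2" "$2" "$3" "$2" "$3"
  printf 'uidNumber: %s\ngidNumber: %s\nuserPassword: {CRYPT}x\ngecos: %s %s\n' "$4" "$5" "$2" "$3"
  printf 'loginShell: /bin/bash\nhomeDirectory: /home/%s\n\n' "$1"
}

# The four records from the guide, in dependency order (containers before members).
build_ldif() {
  ou_ldif People
  ou_ldif Groups
  group_ldif miners 5000
  user_ldif john John Doe 10000 5000
}

# Succeed (exit 0) only if numeric id $1 is absent from the third field of the
# passwd- or group-format lines read from stdin.
id_free() {
  while IFS=: read -r _name _pw _num _rest; do
    [ "$_num" = "$1" ] && return 1
  done
  return 0
}

# Refuse to import when the directory ids collide with local ones:
# check_ids <uidNumber> <gidNumber> [passwd_file] [group_file]
check_ids() {
  id_free "$1" < "${3:-/etc/passwd}" || { echo "uidNumber $1 is already a local user" >&2; return 1; }
  id_free "$2" < "${4:-/etc/group}"  || { echo "gidNumber $2 is already a local group" >&2; return 1; }
}

# Constructed sample local account data; note the local group that already
# uses gid 5000, which is exactly the collision the guide warns about.
sample_passwd() {
  printf 'root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000:Alice:/home/alice:/bin/bash\n'
}
sample_group() {
  printf 'root:x:0:\nalice:x:1000:\nstaff:x:5000:\n'
}

# Live import against the real system (needs slapd running and the admin
# password); run this script with LDAP_IMPORT=1 to trigger it.
import_directory() {
  check_ids 10000 5000 || return 1
  build_ldif > add_content.ldif
  ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif
}

if [ "${LDAP_IMPORT:-0}" = 1 ]; then
  import_directory
fi
```

Running `LDAP_IMPORT=1 sh populate.sh` on the server performs the import; without the variable the script only defines the functions, so `sample_group | id_free 5000` can be used to see the collision check fail on the constructed data.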
Change the password:
Notice we set the userPassword field for the “john” entry to the cryptic value {CRYPT}x. This is effectively an invalid password, because no hashing will produce just x. To change the password to something valid, you can now use ldappasswd:
ldappasswd -x -D cn=admin,dc=example,dc=com -W -S uid=john,ou=people,dc=example,dc=com
Setting up LDAP on Ubuntu Client
Install necessary packages
sudo apt update -y
sudo apt -y install libnss-ldapd libpam-ldapd ldap-utils
Configure the client
sudo dpkg-reconfigure ldap-auth-config
Provide the LDAP server URI (ldap://<server_IP>).
Set the LDAP server search base to dc=example,dc=com.
Select the services to configure: "passwd", "group" and "shadow" (toggle each with the space bar).
To create the home directory on the client machine automatically at first login (optional):
sudo sed -i '$ a session required pam_mkhomedir.so skel=/etc/skel umask=0022' /etc/pam.d/common-session
Restart services
sudo systemctl restart nscd nslcd
Login with the new user
su john
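A check script for the client steps above. This is an added example, not code from the guide: it relies on the fact that the nslcd-based packages installed here (libnss-ldapd, libpam-ldapd) keep the server URI and search base in /etc/nslcd.conf, the lookup order in /etc/nsswitch.conf, and the optional pam_mkhomedir line in /etc/pam.d/common-session. It reports whether each of those is in place, and flags the one security point the configuration step leaves open: an ldap:// URI with no "ssl start_tls" means the client sends each user's password to the server in clear text when PAM authenticates. File paths are parameters, so the functions also run on the constructed sample files the script writes itself.

```shell
#!/bin/sh
# Added example, not part of the original guide: sanity-check the client
# configuration produced by dpkg-reconfigure before trying "su john".
# Assumption: libnss-ldapd/libpam-ldapd store the URI and base in /etc/nslcd.conf,
# the lookup order in /etc/nsswitch.conf and pam_mkhomedir in common-session.
# The sample files written by write_sample_client_conf are constructed.

# Print the value of one keyword from an nslcd.conf-style file: conf_value <file> <keyword>
conf_value() {
  while read -r key val; do
    [ "$key" = "$2" ] && { printf '%s\n' "$val"; return 0; }
  done < "$1"
  return 1
}

# Does nsswitch.conf consult ldap for a database? nss_has_ldap <file> <db>
nss_has_ldap() {
  while read -r db sources; do
    [ "$db" = "$2:" ] || continue
    for src in $sources; do
      [ "$src" = ldap ] && return 0
    done
    return 1
  done < "$1"
  return 1
}

# Is the connection to the server encrypted? Either an ldaps:// URI or a plain
# ldap:// URI upgraded with "ssl start_tls" counts; anything else means the
# user's password crosses the network in clear text. transport_protected <nslcd.conf>
transport_protected() {
  uri=$(conf_value "$1" uri) || return 1
  case $uri in
    ldaps://*) return 0 ;;
  esac
  [ "$(conf_value "$1" ssl)" = start_tls ]
}

# Is pam_mkhomedir enabled for sessions? pam_mkhomedir_enabled <common-session>
pam_mkhomedir_enabled() {
  grep -q '^session[[:space:]].*pam_mkhomedir\.so' "$1"
}

# Write constructed sample files (what a fresh reconfigure with the guide's
# answers looks like, shadow left out on purpose) into directory $1.
write_sample_client_conf() {
  printf 'uri ldap://192.0.2.10/\nbase dc=example,dc=com\n' > "$1/nslcd.conf"
  printf 'passwd:         files ldap\ngroup:          files ldap\nshadow:         files\nhosts:          files dns\n' > "$1/nsswitch.conf"
  printf 'session required pam_mkhomedir.so skel=/etc/skel umask=0022\n' > "$1/common-session"
}

# Full report: client_report [nslcd.conf] [nsswitch.conf] [common-session]
# With no arguments it inspects the live system and also resolves john through NSS.
client_report() {
  nslcd=${1:-/etc/nslcd.conf}; nss=${2:-/etc/nsswitch.conf}; pam=${3:-/etc/pam.d/common-session}
  echo "uri:  $(conf_value "$nslcd" uri)"
  echo "base: $(conf_value "$nslcd" base)"
  for db in passwd group shadow; do
    if nss_has_ldap "$nss" "$db"; then echo "$db: ldap"; else echo "$db: ldap MISSING"; fi
  done
  if transport_protected "$nslcd"; then echo "transport: encrypted"
  else echo "transport: PLAINTEXT (set 'ssl start_tls' in nslcd.conf or use an ldaps:// URI)"; fi
  if pam_mkhomedir_enabled "$pam"; then echo "home dirs: created at login"; else echo "home dirs: not auto-created"; fi
  if [ $# -eq 0 ]; then
    # Works only once nslcd is running; a miss here explains a failing "su john".
    getent passwd john || echo "john not resolvable via NSS (is nslcd running?)"
  fi
}

if [ "${LDAP_CLIENT_CHECK:-0}" = 1 ]; then
  client_report
fi
```

Run `LDAP_CLIENT_CHECK=1 sudo sh client_check.sh` on the client after the restart step; a "shadow: ldap MISSING" line means the shadow service was not ticked during reconfigure, and "PLAINTEXT" is the expected result of the ldap:// URI used above until TLS is configured on the server.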