Configure Ubuntu client to obtain OPENLDAP service authentication

This page is written for people who want to configure the http://www.aliyun.com/zixun/aggregation/13835.html ">ubuntu client to authenticate to a OpenLDAP service."

Install Configure LDAP Authentication

Install the following packages: Libpam-ldap Libnss-ldap (see Installingsoftware). Note that you must activate the Universe library.

When you install, you will ask the following questions:

The LDAP server address used here you can also use the full domain name. such as ldap.example.co
The identity name of the search base. such as dc=example,dc=com
The LDAP version used in this you can usually choose 3.
Whether your database requires you to log in here you can usually choose No.
Do you want to configure your own readable/writable permissions?
The dialog box shown shows that it does not automatically manage nsswitch.conf. Just select OK.
Do you want the local root user to be the database administrator?
Ask your database again if you want to log in here and you will select No
Your root User login account: cn=manager,dc=example,dc=com
Your root user password
A dialog box then displays different encryption methods to specify the encryption method used before sending your password. EXOP is usually a good choice.

Configure nsswitch.conf

Unfortunately, we are not able to test this configuration until/ETC/NSSWITCH.CONF is configured:

$ sudo vi/etc/nsswitch.conf

Enter the following command to replace Compat with LDAP files:

:%s/compat/ldap files/g

Using Getent to test nsswitch.conf configuration

You can now use the following commands to test your configuration (replace <someldapuser> with a user and a known group of your LDAP service instead of <someldapgroup>):

$ getent passwd <someldapuser>
$ getent Group <someldapgroup>

If you get a response in the above scenario, your LDAP nsswitch.conf configuration is correct and all you need to do is configure PAM.

Change the search order in nsswitch.conf

You may want to exchange LDAP and files in order to check your local passwd files before querying the LDAP server:

$ sudo vi/etc/nsswitch.conf

Then change the order of each line in the following form:

Passwd:files LDAP
Group:files LDAP
Shadow:files LDAP