Linux LDAP Authentication (Debian family)

This short guide should get your Linux box authenticating its users against a central LDAP server.

Packages
We start by installing the required packages. The package names below are valid for Debian Etch and Ubuntu Edgy, but should work for other Debian/Ubuntu derived distributions.

apt-get install libpam-ldap libnss-ldap

PAM Configuration
In /etc/pam.d we are going to edit a couple of files, to let PAM know when to consult the LDAP directory. You should add the lines to the files listed below.

/etc/pam.d/common-account:

account     [default=bad success=ok user_unknown=ignore] pam_ldap.so

/etc/pam.d/common-auth:

auth     sufficient      pam_ldap.so use_first_pass

/etc/pam.d/common-password:

password     sufficient      pam_ldap.so use_authtok

/etc/pam.d/common-session:

session       optional        pam_ldap.so

NSS Configuration
We need to tell the Name Service Switch to look in LDAP.

/etc/nsswitch.conf:

passwd:         compat ldap
group:          compat ldap
shadow:         compat

/etc/libnss-ldap.conf:

# LDAP Servers (one or many)
host ldap01.domain.org ldap02.domain.org
# The distinguished name of the search base.
base dc=domain,dc=org
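
A way to check the edits above before closing your root session, as an added example that is not part of the original guide. The function name check_ldap_auth_config and the variable LDAP_CHECK_PROBLEMS are hypothetical, and the check on '#' assumes comments must sit on their own line.

```shell
#!/bin/sh
# Added example: lint the PAM/NSS edits from this guide before logging out.
# check_ldap_auth_config [ROOT] inspects ROOT/etc/... (empty ROOT = live system),
# prints one line per problem, stores the count in LDAP_CHECK_PROBLEMS and
# returns 0 only when nothing is missing.

check_ldap_auth_config() {
    root="${1:-}"
    LDAP_CHECK_PROBLEMS=0

    # Each common-* file needs an active pam_ldap.so line of the matching type.
    for pair in common-account:account common-auth:auth \
                common-password:password common-session:session; do
        file="$root/etc/pam.d/${pair%%:*}"
        kind="${pair##*:}"
        if ! grep -Eq "^[[:space:]]*${kind}[[:space:]].*pam_ldap\.so" "$file" 2>/dev/null; then
            echo "MISSING: '$kind ... pam_ldap.so' in $file"
            LDAP_CHECK_PROBLEMS=$((LDAP_CHECK_PROBLEMS + 1))
        fi
    done

    # passwd and group must list ldap as a lookup source.
    for db in passwd group; do
        if ! grep -Eq "^[[:space:]]*${db}:.*[[:space:]]ldap([[:space:]]|\$)" \
                "$root/etc/nsswitch.conf" 2>/dev/null; then
            echo "MISSING: ldap source for '$db' in $root/etc/nsswitch.conf"
            LDAP_CHECK_PROBLEMS=$((LDAP_CHECK_PROBLEMS + 1))
        fi
    done

    # libnss-ldap.conf needs a host line and a base line, each with a value.
    conf="$root/etc/libnss-ldap.conf"
    for key in host base; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]+[^#[:space:]]" "$conf" 2>/dev/null; then
            echo "MISSING: '$key' setting in $conf"
            LDAP_CHECK_PROBLEMS=$((LDAP_CHECK_PROBLEMS + 1))
        fi
    done
    # Assumption: comments belong on their own line, so a '#' after a value
    # is reported instead of being trusted to be ignored.
    if grep -Eq "^[[:space:]]*(host|base)[[:space:]].*#" "$conf" 2>/dev/null; then
        echo "SUSPECT: '#' on a host/base line in $conf"
        LDAP_CHECK_PROBLEMS=$((LDAP_CHECK_PROBLEMS + 1))
    fi

    [ "$LDAP_CHECK_PROBLEMS" -eq 0 ]
}
```

Source the file and call check_ldap_auth_config with no argument to inspect the live /etc, keeping an existing root shell open until it reports nothing.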
