Linux LDAP Authentication (Debian family)

This short guide should get your Linux box authenticating it’s users against a central LDAP server.

We start by installing the required packages. The package names below are valid for Debian Etch and Ubuntu Edgy, but should work for other Debian/Ubuntu derived distributions.

apt-get install libpam-ldap libnss-ldap

PAM Configuration
In /etc/pam.d we are going to edit a couple of files, to let PAM know when to consult the LDAP directory. You should add the lines to the files listed below.


account     [default=bad success=ok user_unknown=ignore]


auth     sufficient use_first_pass


password     sufficient use_authok


session       optional

NSS Configuration
We need to tell the Name Server Switch to look in the LDAP


passwd:         compat ldap
group:          compat ldap
shadow:         compat


# LDAP Servers (one or many)
host The distinguished name of the search base.
base dc=domain,dc=org

One Comment

Comments are closed.