This short guide should get your Linux box authenticating its users against a central LDAP server.
Packages
We start by installing the required packages. The package names below are valid for Debian Etch and Ubuntu Edgy, but should work for other Debian/Ubuntu derived distributions.
apt-get install libpam-ldap libnss-ldap
PAM Configuration
In /etc/pam.d we are going to edit a couple of files, to let PAM know when to consult the LDAP directory. You should add the lines to the files listed below.
/etc/pam.d/common-account:
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
/etc/pam.d/common-auth:
auth sufficient pam_ldap.so use_first_pass
/etc/pam.d/common-password:
password sufficient pam_ldap.so use_authtok
/etc/pam.d/common-session:
session optional pam_ldap.so
NSS Configuration
We need to tell the Name Service Switch to look in the LDAP directory.
/etc/nsswitch.conf:
passwd: compat ldap
group: compat ldap
shadow: compat
/etc/libnss-ldap.conf:
# LDAP Servers (one or many)
host ldap01.domain.org ldap02.domain.org

# The distinguished name of the search base.
base dc=domain,dc=org
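After the edits above, a quick audit confirms that each file actually carries its LDAP entry. The following is an added example, not part of the original guide. The function names line_has and audit_ldap_auth are made up for this sketch, and the optional argument is an alternate root directory so the check can run against a copy of /etc.

```sh
# line_has FILE FIRST REGEX
# Succeeds if FILE has an uncommented line whose first field is FIRST and
# which has a later field matching REGEX.
line_has() {
    awk -v first="$2" -v re="$3" '
        { sub(/#.*/, "") }                      # drop comments
        $1 == first { for (i = 2; i <= NF; i++) if ($i ~ re) found = 1 }
        END { exit !found }' "$1" 2>/dev/null
}

# audit_ldap_auth [ROOT]
# Checks the files this guide edits; prints one line per problem and
# returns non-zero if anything is missing.
audit_ldap_auth() {
    root="${1:-}"
    rc=0

    # NSS: passwd and group must list ldap as a source.
    for db in passwd group; do
        line_has "$root/etc/nsswitch.conf" "$db:" '^ldap$' ||
            { echo "nsswitch.conf: $db does not list ldap"; rc=1; }
    done

    # libnss-ldap.conf: a server and a search base must be set.
    for key in host base; do
        line_has "$root/etc/libnss-ldap.conf" "$key" '.' ||
            { echo "libnss-ldap.conf: no $key directive"; rc=1; }
    done

    # PAM: each common-* file needs an active pam_ldap.so line of its own type.
    # Matching on fields also copes with bracketed controls such as
    # [default=bad success=ok user_unknown=ignore].
    for type in account auth password session; do
        f="$root/etc/pam.d/common-$type"
        line_has "$f" "$type" '(^|/)pam_ldap[.]so$' ||
            { echo "$f: no active $type line for pam_ldap.so"; rc=1; }
    done

    return $rc
}
```

Source the file and run audit_ldap_auth with no argument to check the live /etc. A clean audit only shows the configuration is in place, so follow it with getent passwd to confirm that LDAP accounts really resolve.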
Mark
This is not entirely correct. Please see:
http://moduli.net/sysadmin/sarge-ldap-auth-howto.html