Configure LDAP Client on Ubuntu 22.04|20.04|18.04|16.04


This is a guide on how to configure Ubuntu 22.04|20.04|18.04|16.04 LTS servers to authenticate against an LDAP directory server. LDAP is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services.

I expect you already have a running LDAP server; if not, use our guides below to set it up:

Once you have the LDAP server configured and user accounts added, you can proceed to install and configure the LDAP client.

Install and Configure LDAP Client on Ubuntu 22.04|20.04|18.04|16.04 LTS

Add the LDAP server address to the /etc/hosts file if you don't have an active DNS server in your network.

$ sudo vim /etc/hosts
192.168.18.50 ldap.example.com

Install LDAP client utilities on your Ubuntu system:

sudo apt -y install libnss-ldap libpam-ldap ldap-utils

The package installation launches the ldap-auth-config wizard. Answer its prompts as follows:

1. LDAP URI: the IP address or hostname of your LDAP server (for example the ldap.example.com entry added to /etc/hosts above)

2. Distinguished name of the search base: for example dc=example,dc=com, matching the root account in step 6

3. LDAP version to use: select 3

4. Make local root Database admin: select Yes

5. Does the LDAP database require login?: answer No

6. LDAP account for root: something like cn=admin,dc=example,dc=com

7. LDAP root account password: the password of the account from step 6
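The seven prompts above can also be answered non-interactively, which is how you would roll the client out to more than one server, and the file the wizard writes (/etc/ldap.conf, read by libnss-ldap and libpam-ldap) is worth checking afterwards: the URI you chose in step 1 decides whether the root bind password from step 7 and every user lookup cross the network in clear text. The script below is an added example, not code from the original guide. The debconf keys are reproduced as I recall them from the ldap-auth-config templates (assumption: confirm with `debconf-show ldap-auth-config` after a manual install), and the default secret-file path /etc/ldap.secret is the one ldap-auth-config uses for the rootbinddn password.

```shell
#!/bin/sh
# Added example, not from the original guide: preseed the ldap-auth-config
# wizard and audit the /etc/ldap.conf it produces.
# Assumption: debconf key names are as recalled from the ldap-auth-config
# templates; verify with `debconf-show ldap-auth-config`.

# Emit debconf answers for the wizard: URI, search base, version 3,
# local root is DB admin, no login required, root bind DN and password.
# Usage: render_ldap_preseed <ldap-uri> <base-dn> <root-bind-dn> <root-bind-pw>
render_ldap_preseed() {
    cat <<EOF
ldap-auth-config ldap-auth-config/ldapns/ldap-server string $1
ldap-auth-config ldap-auth-config/ldapns/base-dn string $2
ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
ldap-auth-config ldap-auth-config/dbrootlogin boolean true
ldap-auth-config ldap-auth-config/dblogin boolean false
ldap-auth-config ldap-auth-config/rootbinddn string $3
ldap-auth-config ldap-auth-config/rootbindpw password $4
EOF
}

# Feed the answers to debconf and install the same packages as the guide.
# Needs root and network access; the offline checks below do not call it.
install_ldap_client() {
    render_ldap_preseed "$@" | debconf-set-selections
    DEBIAN_FRONTEND=noninteractive apt-get -y install libnss-ldap libpam-ldap ldap-utils
}

# Audit an ldap.conf (the nss_ldap/pam_ldap file the wizard generates).
# Returns 0 when clean, 1 when at least one finding was printed. Findings:
#   - uri is plain ldap:// and no "ssl start_tls" line: the root bind
#     password and every NSS lookup travel in clear text
#   - ldap_version is not 3
#   - rootbinddn is set and the secret file is readable by group/other
# Usage: audit_ldap_conf <ldap.conf> [secret-file]   (default /etc/ldap.secret)
audit_ldap_conf() {
    conf=$1
    secret=${2:-/etc/ldap.secret}
    rc=0
    uri=$(awk 'tolower($1)=="uri"{print $2}' "$conf")
    ver=$(awk 'tolower($1)=="ldap_version"{print $2}' "$conf")
    ssl=$(awk 'tolower($1)=="ssl"{print $2}' "$conf")
    rootdn=$(awk 'tolower($1)=="rootbinddn"{print $2}' "$conf")

    case "$uri" in
        ldaps://*|ldapi://*) ;;
        *) [ "$ssl" = "start_tls" ] || { echo "FINDING: $uri without start_tls sends credentials in clear"; rc=1; } ;;
    esac
    [ "$ver" = "3" ] || { echo "FINDING: ldap_version is '$ver', expected 3"; rc=1; }
    if [ -n "$rootdn" ] && [ -e "$secret" ]; then
        mode=$(stat -c '%a' "$secret")
        case "$mode" in
            *00) ;;   # 600 or 400: owner only
            *) echo "FINDING: $secret mode $mode exposes the rootbinddn password"; rc=1 ;;
        esac
    fi
    return $rc
}

# Demo on a constructed ldap.conf resembling what the wizard writes for
# this guide's answers (constructed sample, not a real host's file).
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    cat >"$tmp" <<'EOF'
base dc=example,dc=com
uri ldap://ldap.example.com
ldap_version 3
rootbinddn cn=admin,dc=example,dc=com
EOF
    audit_ldap_conf "$tmp" /nonexistent && echo "clean" || echo "review the findings above"
    rm -f "$tmp"
fi
```

Run `sh ldap-client.sh demo` to see the audit flag the plain ldap:// URI the guide uses; on a real client run `audit_ldap_conf /etc/ldap.conf` after the wizard, and pick an ldaps:// URI or add `ssl start_tls` with the server's CA certificate before putting the client into service.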

After the installation, edit /etc/nsswitch.conf and add ldap as a source on the passwd and group lines.

passwd: compat systemd ldap
group: compat systemd ldap
shadow: compat

Modify the file /etc/pam.d/common-password: remove use_authtok from the pam_ldap line (line 26 in the default file) so it looks like below.

password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass

Enable creation of a home directory on first login by adding the following line to the end of the file /etc/pam.d/common-session:

session optional pam_mkhomedir.so skel=/etc/skel umask=077

[Screenshot: the pam_mkhomedir line appended to /etc/pam.d/common-session]

Test by switching to a user account that exists in LDAP:

root@client:~# sudo su - jmutai
Creating directory '/home/jmutai'.
jmutai@client:~$ id
uid=10000(jmutai) gid=10000(sysadmins) groups=10000(sysadmins)
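The three file edits above are easy to get wrong by hand (a second run of a script that appends blindly duplicates the pam_mkhomedir line, and a missed use_authtok silently breaks password changes), so here they are as idempotent shell functions, followed by the same NSS check the `id` command above performs. This is an added example, not code from the original guide; each function takes the file path as an argument so it can be tried on a copy before touching /etc.

```shell
#!/bin/sh
# Added example, not from the original guide: apply the nsswitch.conf,
# common-password and common-session edits idempotently and verify the
# result. Pass real paths (/etc/nsswitch.conf, /etc/pam.d/common-password,
# /etc/pam.d/common-session) only once a copy behaves as expected.

# Append "ldap" to the passwd and group lines of nsswitch.conf if it is
# not already listed on that line. shadow is left alone, as in the guide.
enable_nss_ldap() {
    f=$1
    for db in passwd group; do
        if ! grep -Eq "^$db:.*(^|[[:space:]])ldap([[:space:]]|$)" "$f"; then
            sed -i -E "s/^($db:.*)$/\1 ldap/" "$f"
        fi
    done
}

# Drop use_authtok from the pam_ldap line of common-password so pam_ldap
# uses the password the user just typed instead of one from an earlier module.
strip_use_authtok() {
    sed -i -E '/pam_ldap\.so/ s/[[:space:]]+use_authtok//' "$1"
}

# Append the pam_mkhomedir line to common-session exactly once.
add_mkhomedir() {
    line='session optional pam_mkhomedir.so skel=/etc/skel umask=077'
    grep -Fq 'pam_mkhomedir.so' "$1" || printf '%s\n' "$line" >>"$1"
}

# Show what NSS resolves for a user. getent walks the sources in
# nsswitch order, so a hit proves the ldap source works before any PAM
# login is attempted; a miss means nsswitch.conf or ldap.conf is wrong.
verify_ldap_user() {
    getent passwd "$1" || { echo "$1 is not resolvable through NSS" >&2; return 1; }
}

# Demo on constructed copies of the three files (not a real host's files).
if [ "${1:-}" = "demo" ]; then
    ns=$(mktemp); pw=$(mktemp); ss=$(mktemp)
    printf 'passwd: compat systemd\ngroup: compat systemd\nshadow: compat\n' >"$ns"
    printf 'password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass\n' >"$pw"
    printf 'session required pam_unix.so\n' >"$ss"
    enable_nss_ldap "$ns"; strip_use_authtok "$pw"; add_mkhomedir "$ss"
    cat "$ns" "$pw" "$ss"
    rm -f "$ns" "$pw" "$ss"
fi
```

Running `sh nss-pam-ldap.sh demo` prints the three edited sample files; on the client itself, run `verify_ldap_user jmutai` after the edits and only then try the `su - jmutai` test above.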

That’s all.


A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.