< Previous | Contents | Next >
1.10. LDAP Authentication
Once you have a working LDAP server, you will need to install libraries on the client that will know how and when to contact it. On Ubuntu, this has been traditionally accomplished by installing the libnss-ldap package. This package will bring in other tools that will assist you in the configuration step. Install this package now:
sudo apt install libnss-ldap
You will be prompted for details of your LDAP server. If you make a mistake you can try again using:
sudo dpkg-reconfigure ldap-auth-config
The results of the dialog can be seen in /etc/ldap.conf. If your server requires options not covered in the menu edit this file accordingly.
Now configure the LDAP profile for NSS:
sudo auth-client-config -t nss -p lac_ldap
Configure the system to use LDAP for authentication:
sudo pam-auth-update
From the menu, choose LDAP and any other authentication mechanisms you need. You should now be able to log in using LDAP-based credentials.
LDAP clients will need to refer to multiple servers if replication is in use. In /etc/ldap.conf you would have something like:
uri ldap://ldap01.example.com ldap://ldap02.example.com
The request will time out and the Consumer (ldap02) will attempt to be reached if the Provider (ldap01) becomes unresponsive.
If you are going to use LDAP to store Samba users you will need to configure the Samba server to authenticate using LDAP. See Section 2, “Samba and LDAP” [p. 140] for details.
An alternative to the libnss-ldap package is the libnss-ldapd package. This, however, will bring in the nscd package which is problably not wanted. Simply remove it afterwards.