OnWorks Linux and Windows Online WorkStations

Logo

Free Hosting Online for WorkStations

< Previous | Contents | Next >

1.10. LDAP Authentication‌


Once you have a working LDAP server, you will need to install libraries on the client that will know how and when to contact it. On Ubuntu, this has been traditionally accomplished by installing the libnss-ldap package. This package will bring in other tools that will assist you in the configuration step. Install this package now:


sudo apt install libnss-ldap


You will be prompted for details of your LDAP server. If you make a mistake you can try again using:


sudo dpkg-reconfigure ldap-auth-config


The results of the dialog can be seen in /etc/ldap.conf. If your server requires options not covered in the menu edit this file accordingly.


Now configure the LDAP profile for NSS:


sudo auth-client-config -t nss -p lac_ldap


Configure the system to use LDAP for authentication:


sudo pam-auth-update


From the menu, choose LDAP and any other authentication mechanisms you need. You should now be able to log in using LDAP-based credentials.

LDAP clients will need to refer to multiple servers if replication is in use. In /etc/ldap.conf you would have something like:


uri ldap://ldap01.example.com ldap://ldap02.example.com


The request will time out and the Consumer (ldap02) will attempt to be reached if the Provider (ldap01) becomes unresponsive.


If you are going to use LDAP to store Samba users you will need to configure the Samba server to authenticate using LDAP. See Section 2, “Samba and LDAP” [p. 140] for details.


image

An alternative to the libnss-ldap package is the libnss-ldapd package. This, however, will bring in the nscd package which is problably not wanted. Simply remove it afterwards.


Top OS Cloud Computing at OnWorks: