Home / How To / How to set OpenLDAP client on Debian 10

How to set OpenLDAP client on Debian 10



In this step, we will show you how to set up an OpenLDAP client with Debian 10 Buster. Before using this wizard, make sure you have an OpenLDAP server installed on another node or server that the client can connect to.

For this tutorial I will use Debian 10 with 1 GB RAM and 15 GB disk space. You must also have root permissions.

What We Will Do

  • Installing and Configuring OpenLDAP Client Package
  • Set Up Name Service Switch (nsswitch)
  • Set Up Pam Authentication and Session [19659005] Testing

Step 1 – Installing and configuring OpenLDAP client packages

First, we will install LDAP packages on the client side. We will install the libnss and libpam packages for the ldap client.

During the installation of the ldap client package, you will be prompted for a specific configuration, including the ldap server's address, ldap-base-DN, and the password for ldap-admin users. [1

9659002] Install ldap packages for clients using the apt command below.

  sudo apt install libnss-ldap libpam-ldap ldap-utils 

Install libnss-ldap

Now you will be asked for the IP address of the LDAP server. Enter your LDAP / LDAPS server IP address and select "OK".

 Install libnss-ldap

Type base DN for your LDAP server and select "OK".

 Base DN

Now specify the LDAP protocol version to & # 39; 3 & # 39; and select & # 39; OK & # 39 ;.

 LDAP protocol version

Type default LDAP root user (default is admin) and select & # 39; OK & # 39; again.

 LDAP root user

Now enter the password for the default administrator user.

 LDAP User Password

For NSSwitch configuration, select & # 39; OK & # 39 ;.

 NSSwitch configuration

Installing libpam-ldap

Then let the ldap-admin user elevate as the root user by selecting "Yes".

 Installing libpam -ldap

For login password for LDAP database, I select & # 39; No & # 39; in my case.

 Logging in LDAP database

Now re-enter the default LDP server administrator and select & # 39; OK & # 39 ;.

 Default Administrator User

Type the Administrator password and select "OK" again.

 Administrator password

Step 2 – Set the name service switch (nsswitch)

In this step we will change the NSSwitch configuration & # 39; /etc/nsswitch.conf' to use ldap as a data source.

Edit the configuration & # 39; /etc/nsswitch.conf' with the vim editor.

  vim /etc/nsswitch.confebrit19659039??Now change detail lines exactly as below. 

  passwd: compat ldap 
group: compat ldap
shadow: compat ldap

Save and close.

Now NSSwitch will loop up user authentication information to the ldap server.

Step 3 - Set Pam Authentication and Session

In this step, we will set up Pam password authentication by disabling the & # 39; use_authok & # 39; and add any pam session to automatically create a home directory.

The "use_authtok" module does not prompt the user for a new password, one and the & # 39; pam_mkhomedir & # 39; module automatically creates home directory for ldap users.

For the pam verification password, edit the & # 39; /etc/pam.d/common-password' with the vim editor.

  vim / etc / pam.d / common-password 

Remove the & # 39; use_authtok & # 39; in the password & # 39; pam_ldap & # 39; module configuration tone as below.

  password [success=1 user_unknown=ignore default=die] pam_ldap.so try_Step 4 - Testingfirst_pass 

Save and close. [19659002] Then edit the pam session configuration & # 39; /etc/pam.d/common-session' .ebrit19659012 ?? vim /etc/pam.d/common-session Chapter19659039 ?? Add the module configuration & # 39; pam_mkhomedir & # 39; below.

  session option pam_mkhomedir.so skel = / etc / skel umask = 077 

Save and close.

As a result, you have configured the PAM module for authentication and session configuration.

Restart the Debian client.

  sudo reboot 

 Configure nsswitch and reboot

Step 4 - Testing

Test the installation of the OpenLDAP client configuration, log in to the client system with the user from the OpenLDAP server.

Login with user & # 39; olaf & # 39; available on the OpenLDAP server.

 Test OpenLDAP logon

Once the user & # 39; olaf & # 39; is logged in, a new user directory for that user is created automatically.

 Login successfully

As a result, the installation and configuration of the OpenLDAP client on Debian 10 has been successfully completed.


Source link