In this tutorial, we will show you how to set up an OpenLDAP client on Debian 10 Buster. Before following this guide, make sure you have an OpenLDAP server installed on another node or server that the client can connect to.
For this tutorial I will use Debian 10 with 1 GB RAM and 15 GB disk space. You must also have root permissions.
What We Will Do
- Installing and Configuring OpenLDAP Client Package
- Set Up Name Service Switch (nsswitch)
- Set Up PAM Authentication and Session
- Testing
Step 1 – Installing and configuring OpenLDAP client packages
First, we will install the LDAP packages on the client side. We will install the libnss and libpam packages for the LDAP client.
During the installation of the LDAP client packages, you will be prompted for specific configuration values, including the LDAP server's address, the LDAP base DN, and the password for the LDAP admin user.
sudo apt install libnss-ldap libpam-ldap ldap-utils
Now you will be asked for the IP address of the LDAP server. Enter your LDAP / LDAPS server IP address and select "OK".
Type base DN for your LDAP server and select "OK".
Now specify the LDAP protocol version as '3' and select 'OK'.
Type the default LDAP root user (default is admin) and select 'OK' again.
Now enter the password for the default administrator user.
For NSSwitch configuration, select 'OK'.
Then let the ldap-admin user elevate as the root user by selecting "Yes".
For the login password for the LDAP database, I select 'No' in my case.
Now re-enter the default LDAP server administrator and select 'OK'.
Type the Administrator password and select "OK" again.
Step 2 – Set the name service switch (nsswitch)
In this step we will change the NSSwitch configuration '/etc/nsswitch.conf' to use ldap as a data source.
Edit the configuration '/etc/nsswitch.conf' with the vim editor.
vim /etc/nsswitch.conf
Now change the following lines exactly as below.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
Save and close.
Now NSSwitch will look up user authentication information on the LDAP server.
Step 3 - Set Pam Authentication and Session
In this step, we will set up PAM password authentication by removing the 'use_authtok' option, and add a PAM session module to automatically create a home directory.
The 'use_authtok' option makes the module not prompt the user for a new password and instead use the one provided by a previously stacked module, and the 'pam_mkhomedir' module automatically creates the home directory for LDAP users.
For PAM password authentication, edit the '/etc/pam.d/common-password' file with the vim editor.
vim /etc/pam.d/common-password
Remove the 'use_authtok' option from the password 'pam_ldap' module configuration line as below.
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
Save and close.
Then edit the PAM session configuration '/etc/pam.d/common-session'.
vim /etc/pam.d/common-session
Add the module configuration 'pam_mkhomedir' below.
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Save and close.
As a result, you have configured the PAM module for authentication and session configuration.
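The edits from Steps 2 and 3 can be checked with a short script before the restart. This is an added example, not part of the original tutorial; the function names are hypothetical and the sample files it builds are constructed.

```shell
#!/bin/sh
# Added example: audit the files edited in Steps 2 and 3. Function names are
# hypothetical and the sample files built at the bottom are constructed.

# nss_uses_ldap FILE DB: succeeds if the DB line (passwd/group/shadow) lists "ldap"
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
                     END { exit !found }' "$1"
}

# pam_ldap_password_ok FILE: succeeds if a "password ... pam_ldap.so" line exists
# and no such line still carries use_authtok
pam_ldap_password_ok() {
    awk '$1 == "password" && /pam_ldap\.so/ { seen = 1; if (/use_authtok/) bad = 1 }
         END { exit !(seen && !bad) }' "$1"
}

# mkhomedir_umask FILE: prints the umask= value on the pam_mkhomedir session line
mkhomedir_umask() {
    awk '$1 == "session" && /pam_mkhomedir\.so/ {
             for (i = 2; i <= NF; i++) if ($i ~ /^umask=/) print substr($i, 7)
         }' "$1"
}

# audit_ldap_client DIR: prints one line per finding, returns the number of findings
audit_ldap_client() {
    dir=$1; problems=0
    for db in passwd group shadow; do
        nss_uses_ldap "$dir/nsswitch.conf" "$db" ||
            { echo "nsswitch.conf: $db does not list ldap"; problems=$((problems + 1)); }
    done
    pam_ldap_password_ok "$dir/pam.d/common-password" ||
        { echo "common-password: pam_ldap line missing or has use_authtok"; problems=$((problems + 1)); }
    [ "$(mkhomedir_umask "$dir/pam.d/common-session")" = "077" ] ||
        { echo "common-session: pam_mkhomedir umask is not 077"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample tree holding the tutorial's final lines; pass /etc to audit a real client.
demo=$(mktemp -d) && mkdir -p "$demo/pam.d"
printf 'passwd: compat ldap\ngroup: compat ldap\nshadow: compat ldap\n' > "$demo/nsswitch.conf"
printf 'password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass\n' > "$demo/pam.d/common-password"
printf 'session optional pam_mkhomedir.so skel=/etc/skel umask=077\n' > "$demo/pam.d/common-session"
audit_ldap_client "${1:-$demo}" && echo "client configuration matches the tutorial"
rm -rf "$demo"
```

Run it with /etc as the first argument on the client; the exit status is the number of findings.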
Restart the Debian client.
Step 4 - Testing
To test the OpenLDAP client configuration, log in to the client system with a user from the OpenLDAP server.
Log in with the user 'olaf', which is available on the OpenLDAP server.
Once the user 'olaf' is logged in, a new home directory for that user is created automatically.
As a result, the installation and configuration of the OpenLDAP client on Debian 10 has been successfully completed.