This is a guide on how to configure Ubuntu 22.04|20.04|18.04|16.04 LTS servers to authenticate against an LDAP directory server. LDAP is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services.
This guide assumes you already have a running LDAP server; if not, use our guides below to set it up:
Once you have the LDAP server configured and user accounts added, you can proceed to install and configure the LDAP client.
Install and Configure LDAP Client on Ubuntu 22.04|20.04|18.04|16.04 LTS
Add the LDAP server address to the /etc/hosts file if you don't have an active DNS server in your network.
$ sudo vim /etc/hosts
192.168.18.50 ldap.example.com
Install LDAP client utilities on your Ubuntu system:
sudo apt -y install libnss-ldap libpam-ldap ldap-utils
The package installer prompts for the client settings; answer them as follows:
1. Set the LDAP URI; this can be an IP address or a hostname
2. Set the Distinguished Name of the search base
3. Select LDAP version 3
4. Select Yes for "Make local root Database admin"
5. Answer No for "Does the LDAP database require login?"
6. Set the LDAP account for root, something like cn=admin,dc=example,dc=com
7. Provide the LDAP root account password
After the installation, edit /etc/nsswitch.conf and add ldap to the passwd and group lines.
passwd: compat systemd ldap
group: compat systemd ldap
shadow: compat
Modify the file /etc/pam.d/common-password. Remove use_authtok on line 26 so that the line looks like below.
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
Enable creation of home directories on first login by adding the following line to the end of the file /etc/pam.d/common-session:
session optional pam_mkhomedir.so skel=/etc/skel umask=077
See below screenshot:
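The three file edits above (nsswitch.conf, common-password and common-session), as an added example that is not part of the original guide: each helper takes a file path, so the logic can be tried on a copy before it is run as root on the real files. It assumes the pam_ldap line still carries use_authtok and that the passwd/group lines are plain "db: sources" lines as on this page.

```sh
#!/bin/sh
# Added example, not from the original guide: helpers that apply the three
# post-install edits from this page (nsswitch.conf, common-password,
# common-session) to whatever file path they are given, so they can be
# tested on copies first and then run as root against the real files.
set -eu

# Rewrite a file in place with a sed -E script ($1) via a temp file.
edit_in_place() {
    tmp=$(mktemp)
    sed -E "$1" "$2" > "$tmp" && mv "$tmp" "$2"
}

# Append "ldap" to the passwd and group lines of an nsswitch.conf-style file
# unless it is already there; shadow is left alone, as on this page.
add_ldap_to_nsswitch() {
    for db in passwd group; do
        grep -Eq "^${db}:.*[[:space:]]ldap([[:space:]]|\$)" "$1" ||
            edit_in_place "s/^(${db}:.*)\$/\1 ldap/" "$1"
    done
}

# Drop use_authtok from the pam_ldap.so line of a common-password file, so
# pam_ldap obtains the password itself (try_first_pass) instead of relying
# on the token set by an earlier module.
strip_use_authtok() {
    edit_in_place '/^password.*pam_ldap\.so/ s/[[:space:]]+use_authtok([[:space:]]|$)/\1/' "$1"
}

# Append the pam_mkhomedir line to a common-session file, exactly once.
ensure_mkhomedir() {
    grep -q 'pam_mkhomedir\.so' "$1" ||
        printf '%s\n' 'session optional pam_mkhomedir.so skel=/etc/skel umask=077' >> "$1"
}

# On the live system (as root, after backing the files up):
#   add_ldap_to_nsswitch /etc/nsswitch.conf
#   strip_use_authtok    /etc/pam.d/common-password
#   ensure_mkhomedir     /etc/pam.d/common-session
```

Before testing a login, confirm the lookup side works with `getent passwd jmutai`: if that returns nothing, the nsswitch change or the LDAP URI is the problem, not PAM.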
Test by switching to an LDAP user account:
[email protected]:~# sudo su - jmutai
Creating directory '/home/jmutai'.
[email protected]:~$ id
uid=10000(jmutai) gid=10000(sysadmins) groups=10000(sysadmins)
That’s all.