Rather brief notes on getting LDAP auth running on a Debian server
Install dependencies
apt-get install libpam-ldap libnss-ldap
Debconf
LDAP server Uniform Resource Identifier: ldaps://10.179.43.21/
Distinguished name of the search base: dc=badwolf,dc=greenbeedigital,dc=com,dc=au
LDAP version to use: 3
Does the LDAP database require login? No
Special LDAP privileges for root? No
Make the configuration file readable/writeable by its owner only? No
Make local root Database admin. No
Does the LDAP database require login? No
Local crypt to use when changing passwords. crypt
/etc/libnss-ldap.conf modifications
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
ssl on
/etc/ldap/ldap.conf modifications
BASE dc=badwolf,dc=greenbeedigital,dc=com,dc=au
URI ldaps://10.179.43.21/
# never: the client does not request or check the server certificate
TLS_REQCERT never
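An added example, not part of the original notes: a shell check that reads an ldap.conf-style file and reports the TLS settings that leave the LDAPS server unauthenticated, run here against the file above. The function names and the sample file are constructed for illustration; only IPv4 literals are recognised as addresses.

```shell
#!/bin/sh
# Added example: audit an ldap.conf-style file for the TLS settings in these notes.

# last_value FILE KEY -> value of the last uncommented KEY line (keywords are
# case-insensitive in ldap.conf); only the first value on the line is returned.
last_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# audit_ldap_conf FILE -> one finding per line on stdout, nothing if clean.
audit_ldap_conf() {
    uri=$(last_value "$1" URI)
    reqcert=$(last_value "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    ca=$(last_value "$1" TLS_CACERT)$(last_value "$1" TLS_CACERTDIR)

    case $uri in
        ldaps://*) ;;
        *) echo "URI: '$uri' is not ldaps://, traffic is cleartext unless StartTLS is enforced" ;;
    esac
    # Host part of the URI: strip the scheme, then the path and port.
    host=${uri#*://}; host=${host%%/*}; host=${host%%:*}
    case $reqcert in
        never|allow)
            echo "TLS_REQCERT: '$reqcert' accepts any server certificate, so the LDAPS peer is unauthenticated" ;;
        *)  # unset means the OpenLDAP default, demand
            [ -n "$ca" ] || echo "TLS_CACERT: verification is on but this file names no CA file or directory"
            case $host in
                *[!0-9.]*|"") ;;
                *) echo "URI: host $host is an IP address, the certificate must be issued for that address" ;;
            esac ;;
    esac
}

# Constructed sample: the /etc/ldap/ldap.conf from these notes.
sample=$(mktemp)
printf '%s\n' 'BASE dc=badwolf,dc=greenbeedigital,dc=com,dc=au' \
    'URI ldaps://10.179.43.21/' 'TLS_REQCERT never' > "$sample"
audit_ldap_conf "$sample"
rm -f "$sample"
```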
/etc/nsswitch.conf modifications
passwd: files ldap
group: files ldap
/etc/pam.d/common-auth modifications
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth required pam_ldap.so use_first_pass
auth required pam_permit.so
/etc/pam.d/common-account modifications
account sufficient pam_unix.so
account required pam_ldap.so
/etc/pam.d/common-session modifications
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022