Setting up LDAP on Ubuntu Server and Ubuntu Client

Abhishek Ranjan
Setting up LDAP on Ubuntu Server

Install slapd and ldap-utils

sudo apt update -y
sudo apt install slapd ldap-utils -y

Configure slapd

sudo dpkg-reconfigure slapd
  • Select No for "Omit OpenLDAP server configuration".

  • Set the DNS domain name to example.com.

  • Set the Organization name to example.com.

  • Enter the admin password when prompted.

  • Select No for "Remove the database when slapd is purged".

  • Select Yes for "Move old database".

  • Check the configuration with sudo slapcat -b cn=config.

Populate the directory

Let’s introduce some content to the directory. We will add the following:

  • A node called People, to store users

    • A user called john
  • A node called Groups, to store groups

    • A group called miners

Create an LDIF file named add_content.ldif with the following content:

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=miners,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: miners
gidNumber: 5000

dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
gidNumber: 5000
userPassword: {CRYPT}x
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john

Note:
It’s important that uid and gid values in your directory do not collide with local values. You can use high number ranges, such as starting at 5000 or even higher.
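
As an added example (not part of the original post), the check below compares the uidNumber and gidNumber values in add_content.ldif against local passwd and group files before the content is loaded. The names ldif_id_collisions and demo_collisions and the sample local files are assumptions made for illustration; it reads plain "attr: value" lines only.

```shell
#!/bin/sh
# Added example (not from the original post): list uidNumber/gidNumber values
# in an LDIF file that are already used by local accounts or groups.
# Usage: ldif_id_collisions FILE.ldif [PASSWD_FILE] [GROUP_FILE]
# Prints one line per collision and returns 1 if any were found.
# Limitation: expects plain "attr: value" lines (no base64 "::" values).
ldif_id_collisions() {
    awk -v pw="${2:-/etc/passwd}" -v gr="${3:-/etc/group}" '
    BEGIN {
        # Field 3 is the numeric ID in both passwd and group files.
        while ((getline l < pw) > 0) { split(l, f, ":"); if (f[3] != "") luid[f[3]] = f[1] }
        while ((getline l < gr) > 0) { split(l, f, ":"); if (f[3] != "") lgid[f[3]] = f[1] }
    }
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    NF == 0 { dn = ""; next }               # blank line ends an entry
    { attr = tolower($1) }                  # attribute names are case-insensitive
    attr == "dn:" { dn = $0; sub(/^[^:]*:[ \t]*/, "", dn); next }
    attr == "uidnumber:" && ($2 in luid) {
        printf "%s: uidNumber %s is local user %s\n", dn, $2, luid[$2]; hits++
    }
    attr == "gidnumber:" && ($2 in lgid) {
        printf "%s: gidNumber %s is local group %s\n", dn, $2, lgid[$2]; hits++
    }
    END { exit (hits > 0) }
    ' "$1"
}

# Constructed sample: the IDs from the LDIF above checked against made-up
# local files in which GID 5000 already belongs to a "docker" group.
demo_collisions() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'dn: cn=miners,ou=Groups,dc=example,dc=com' 'gidNumber: 5000' '' \
        'dn: uid=john,ou=People,dc=example,dc=com' 'uidNumber: 10000' \
        'gidNumber: 5000' > "$d/add_content.ldif"
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' > "$d/passwd"
    printf '%s\n' 'docker:x:5000:alice' > "$d/group"
    ldif_id_collisions "$d/add_content.ldif" "$d/passwd" "$d/group"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo_collisions || true
```

On a real host, run ldif_id_collisions add_content.ldif with no further arguments on the server and on each client, so the defaults /etc/passwd and /etc/group are checked.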

Add the content to LDAP:

ldapadd -x -D cn=admin,dc=example,dc=com -W -f add_content.ldif

Provide the LDAP admin password to authenticate.

Verify

Check the user:

ldapsearch -x -LLL -b dc=example,dc=com '(uid=john)' cn gidNumber

Change the password:

Notice we set the userPassword field for the “john” entry to the cryptic value {CRYPT}x. This essentially is an invalid password, because no hashing will produce just x. To change the password to something valid, you can now use ldappasswd:

ldappasswd -x -D cn=admin,dc=example,dc=com -W -S uid=john,ou=people,dc=example,dc=com

Setting up LDAP on Ubuntu Client

Install necessary packages

sudo apt update -y
sudo apt -y install libnss-ldapd libpam-ldapd ldap-utils

Configure the client

sudo dpkg-reconfigure nslcd libnss-ldapd
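  • Provide the LDAP server's address as a URI (ldap://<server_IP>). Over plain ldap:// without StartTLS, lookups and login passwords travel to the server unencrypted.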

  • Set the LDAP server search base to dc=example,dc=com.

  • Configure services for "passwd", "group", "shadow" (use the space key to select them).

Create the home directory on the client machine (optional)

sudo sed -i '$ a session required pam_mkhomedir.so skel=/etc/skel umask=0022' /etc/pam.d/common-session

Restart services

sudo systemctl restart nscd nslcd

Login with the new user

su john