
HOWTO: LDAP Client on 10.04 Lucid Lynx
This is essentially the same as my previous Hardy Heron LDAP howto but with some steps removed. Rather than edit the old article I thought I'd just reproduce it with the appropriate parts omitted. This howto is also relevant to Jaunty and Karmic. The LDAP Server howto can be found here.

PLATFORMS TESTED: Ubuntu 10.04 LTS (Lucid), Ubuntu 11.04 LTS (Natty)

PREREQUISITES:

* A vanilla Ubuntu 10.04 (or later) desktop or server install.
* You have shared your user home directories from an NFS server.
* You have successfully installed a working LDAP server.

Network overview:

* Domain name: tuxnetworks.com
* Server name/IP: ldap.tuxnetworks.com 10.1.1.5
* The user "brettg" is a valid LDAP user on your server.

We are going to set up a Lucid client connected to an LDAP server. We should already have our home directories mounted via NFS.

~$ sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils


You will again be asked a bunch of questions;

LDAP server Uniform Resource Identifier: ldap://ldap.tuxnetworks.com
Distinguished name of the search base: dc=tuxnetworks,dc=com
LDAP version to use: 3
Make local root Database admin: Yes
Does the LDAP database require login? No
LDAP account for root: cn=admin,dc=tuxnetworks,dc=com
LDAP root password: (The server LDAP root password)
Now we need to edit the following files;

~$ sudo vi /etc/ldap.conf
and edit these lines to look like this;

bind_policy soft
pam_password crypt


Find the line that begins with uri ldapi:// . . . Comment the line out and replace it with a line like so;

uri ldap://ldap.tuxnetworks.com/
Edit this file;

~$ sudo vi /etc/ldap/ldap.conf
Edit it to look like this;

BASE dc=tuxnetworks,dc=com
URI ldap://ldap.tuxnetworks.com
SIZELIMIT 0
TIMELIMIT 0
DEREF never

Edit nsswitch.conf

~$ sudo vi /etc/nsswitch.conf
Enter the following lines;

passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files

Now update nss to use ldap.

~$ sudo nss_updatedb ldap
passwd... done.
group... done.


Note: If you get an error . . .

Failed to enumerate nameservice: No such file or directory


. . . then check that your uri line in /etc/ldap.conf is correct and the address is pingable. You should now be able to check the server with;

~$ ldapsearch -x
That command should output a tonne of stuff from the server LDAP directory.

getent passwd
You should now be able to log in to the client via ssh using the credentials of the LDAP user "brettg";

brettg@jupiter:~$ ssh brettg@galileo
Welcome to Ubuntu 11.04 (GNU/Linux 2.6.38-8-generic x86_64)

 * Documentation: https://help.ubuntu.com/

Last login: Fri Jun 24 14:13:05 2011 from 10.1.1.80
brettg@galileo:~$


Take a look at your passwd file to make double sure you are not logging in using local auth;

grep brettg /etc/passwd


If that returns a line then you are probably logged in using a local user, because nsswitch.conf consults files before ldap. Remove that line from /etc/passwd and try again.

For Gnome Desktop users: to assign users to the correct groups at login, create a new file called group.conf and place the following line in it;

vi /etc/security/group.conf

gdm;*;*;Al0000-9000;floppy,audio,cdrom,video,plugdev,scanner
We also need to tell pam to use the group.conf settings;

vi /etc/pam.d/gdm
Add this line;

auth optional pam_group.so


Reboot your PC and you should be able to login to gnome using ldap!
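The /etc/passwd check earlier in this howto matters because NSS consults the sources on the passwd: line in order and the first hit wins. The following added example (my own code, not part of the original howto) simulates that lookup order using the nsswitch.conf from this article; the /etc/passwd contents and the LDAP_USERS set are constructed sample data, not output from a real server.

```python
"""Simulate NSS 'passwd' resolution order to show why a stale
/etc/passwd entry shadows the same user coming from LDAP."""

# Constructed sample: the nsswitch.conf produced by this howto
NSSWITCH = """\
passwd: files ldap
group:  files ldap
shadow: files ldap
hosts:  files dns
"""

# Constructed sample: a local /etc/passwd that still carries 'brettg'
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
brettg:x:1000:1000:Brett:/home/brettg:/bin/bash
"""

# Constructed sample: users the LDAP server would return (assumed)
LDAP_USERS = {"brettg", "alice"}


def nss_sources(nsswitch_text, database):
    """Return the ordered source list for one nsswitch database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            return line.split(":", 1)[1].split()
    return []


def local_users(passwd_text):
    """Login names present in an /etc/passwd-style file."""
    return {line.split(":", 1)[0] for line in passwd_text.splitlines()
            if line and not line.startswith("#")}


def resolve(user, nsswitch_text=NSSWITCH, passwd_text=LOCAL_PASSWD,
            ldap_users=LDAP_USERS):
    """Return the source that answers a passwd lookup for 'user', or None.
    With 'files ldap' a local entry masks the LDAP account."""
    for source in nss_sources(nsswitch_text, "passwd"):
        if source == "files" and user in local_users(passwd_text):
            return "files"
        if source == "ldap" and user in ldap_users:
            return "ldap"
    return None


def shadowed_ldap_users(passwd_text=LOCAL_PASSWD, ldap_users=LDAP_USERS):
    """LDAP accounts that a local /etc/passwd line takes precedence over."""
    return sorted(local_users(passwd_text) & ldap_users)
```

Running `shadowed_ldap_users()` against a client's real /etc/passwd is the scripted equivalent of the `grep brettg /etc/passwd` check above.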
