Site icon TechiHaus

How to Install and Configure an OpenLDAP Ubuntu Server

How to Install and Configure an OpenLDAP Ubuntu Server
2024-03-25 15:00:00

Installing and Configuring the OpenLDAP Client

Now that you have a great server setup, you need a way to interact with IT by installing and configuring the OpenLDAP client. Setting up this client is essential for enabling centralized authentication and resource access across your network.

Integrating your Ubuntu system with the LDAP directory server establishes a unified authentication mechanism, enhancing security and simplifying user management.

To install and configure the OpenLDAP client, follow these steps:

1. Execute the following sh command to add the OpenLDAP server’s hostname and IP address to your client machine to the /etc/hosts file, allowing hostname-based communication.

Remember to replace 192.168.1.7 and ldap.ata.com with your server’s IP address and hostname.

sudo sh -c 'echo "192.168.1.7 ldap.ata.com" >> /etc/hosts'
Adding the OpenLDAP server’s hostname and IP address to the hosts file

2. Once added, run the below ping command to check the connectivity between your system and your OpenLDAP server (ldap.ata.com).

The output below confirms the client machine can successfully communicate with the OpenLDAP server using the specified IP address and hostname.

Pinging the LDAP server

3. Next, run the command below to update your package lists and install the following necessary OpenLDAP client packages:

  • libnss-ldap – Enables your system to use LDAP for common configuration databases.
  • libpam-ldap – Allows system authentication against LDAP directories.
  • ldap-utils – Provides command-line tools for managing LDAP directory entries.
  • nscd – Caches NSS lookups, improving performance by reducing LDAP server queries.
sudo apt update && sudo apt install libnss-ldap libpam-ldap ldap-utils nscd -y

During installation, you will get a series of prompts to configure the OpenLDAP client (step four).

Updating the package lists and installing the necessary OpenLDAP client packages

4. Now, enter ldap://192.168.1.7 in the LDAP server Uniform Resource Identifier field, which directs the client to your OpenLDAP server.

Setting the LDAP server Uniform Resource Identifier

5. Input the DN of the search base (i.e., dc=ata,dc=com) for LDAP operations.

Entering the DN of the search base

6. Choose 3 for the LDAP version to use for enhanced security and features

Selecting the preferred LDAP version

7. Next, select Yes to give the root user database admin privileges.

Making local root a Database admin

8. Afterward, choose No for root account management to disable the LDAP database login.

Disabling the LDAP database login

9. Input the LDAP account for root (i.e., cn=admin,dc=ata,dc=com). This configuration specifies the admin account for managing LDAP.

Provide the LDAP account for the root

10. Provide a strong LDAP root account password (admin password).

Provide an LDAP root account password

11. After the client configuration, open the /etc/nsswitch.conf file in your preferred editor (i.e., nano or vim) to configure your system’s name service switch.

This file decides the pecking order for where the system looks up stuff like user accounts, groups, hosts, and services.

12. Change the value of the following lines in the /etc/nsswitch.conf file to include the following:

compat – Refers to local files like /etc/passwd.

ldap – Specifies the use of LDAP.

This configuration allows the use of LDAP user authentication and other system functions

passwd:         compat systemd ldap
group:          compat systemd ldap
shadow:         compat
Allowing the use of LDAP user authentication

13. Now, open the /etc/pam.d/common-password file, locate and remove the use_authtok option, as highlighted below, save the changes, and close the file.

This action lets you adjust the PAM password settings to use the password provided by the user.

Adjusting the PAM password settings

14. Additionally, open the /etc/pam.d/common-session file, add the following line and save and close the file.

Upon user login, this configuration adds automatic home directory creation to ensure user home directories are created with proper permissions.

session optional pam_mkhomedir.so skel=/etc/skel umask=077
Adding automatic home directory creation upon user login

15. Lastly, run the command below to restart the Name Service Cache Daemon (nscd) and apply the configuration changes.

sudo systemctl restart nscd

[Contact Techihaus for get solution for your startup]

Source link

Exit mobile version