Monday, 19 March 2018

OpenLDAP Client Setup


Install updates if any
############################
root@ip-172-31-8-85:~# sudo apt-get update

Install packages
#####################
root@ip-172-31-8-85:~# sudo apt-get install libnss-ldap libpam-ldap ldap-utils nscd -y

Reconfigure ldap client authentication if required
####################################################
root@ip-172-31-8-85:~# sudo dpkg-reconfigure ldap-auth-config

Follow the steps below to configure the client:

(Your LDAP client is now configured.)

(The installer does most of the configuration based on the inputs
given in the previous section, but some changes are still required
for LDAP authentication to work.)

Configure nsswitch.conf to work with LDAP.
######################################
root@ip-172-31-8-85:~# sudo vim /etc/nsswitch.conf
Update the lines as shown below.
# pre_auth-client-config  passwd:     compat ldap
passwd: files ldap
# pre_auth-client-config  group:     compat ldap
group: files ldap
# pre_auth-client-config  shadow:     compat ldap
shadow: files ldap


(Optional: If you want the user's home directory to be created
automatically, do as follows.)
######################################################

root@ip-172-31-8-85:~# sudo vim /etc/pam.d/common-session
(Add the line below to the above file.)
session required        pam_mkhomedir.so skel=/etc/skel umask=077

Restart the nscd service.
##########################
root@ip-172-31-2-63:~# sudo service nscd restart

Validate
#################################################
Use the getent command to get the LDAP entries from the LDAP server.
root@ip-172-31-8-85:~# getent passwd shashank
shashank:*:1001:501:shashank:/home/users/shashank:

root@ip-172-31-8-85:~# getent passwd ldapuser
ldapuser:*:1000:501:ldapuser:/home/users/ldapuser:


Check user login
######################################
root@ip-172-31-8-85:~# su - shashank
shashank@ip-172-31-8-85:~$ pwd
/home/users/shashank
shashank@ip-172-31-8-85:~$ logout
root@ip-172-31-8-85:~# su - ldapuser
ldapuser@ip-172-31-8-85:~$ pwd
/home/users/ldapuser
ldapuser@ip-172-31-8-85:~$ logout

(The home directory has been created automatically on the local system.
You can check with pwd, as done above.)
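
Added example (not part of the original post): a shell check for the two file edits made above. It confirms that passwd, group and shadow list files before ldap in nsswitch.conf, and reports the umask set on the pam_mkhomedir line. The function names check_nss and mkhomedir_umask and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits copies of the two files edited in this post.
# Function names and sample files are constructed for illustration.

# check_nss FILE: succeed only if passwd, group and shadow each list "files"
# before "ldap", so local accounts (root included) are resolved locally first.
check_nss() {
    awk '
        { sub(/#.*/, "") }                          # ignore comments
        $1 ~ /^(passwd|group|shadow):$/ {
            f = 0; l = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "ldap"  && !l) l = i
            }
            if (f && l && f < l) { if (!($1 in good)) { good[$1] = 1; n++ } }
            else { bad = 1; printf "nsswitch: %s must list files before ldap\n", $1 }
        }
        END { exit ((!bad && n == 3) ? 0 : 1) }
    ' "$1"
}

# mkhomedir_umask FILE: print the umask= option of the active pam_mkhomedir
# session line ("unset" if the option is absent); fail if the module is not enabled.
mkhomedir_umask() {
    awk '
        { sub(/#.*/, "") }
        $1 == "session" && /pam_mkhomedir\.so/ {
            found = 1; val = "unset"
            for (i = 3; i <= NF; i++)
                if ($i ~ /^umask=/) val = substr($i, 7)
            print val; exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed samples: the configuration from this post, and a misordered one.
SAMPLE_DIR=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files ldap\nshadow: files ldap\n' > "$SAMPLE_DIR/nss.good"
printf 'passwd: ldap files\ngroup: files ldap\nshadow: files\n' > "$SAMPLE_DIR/nss.bad"
printf 'session required        pam_mkhomedir.so skel=/etc/skel umask=077\n' > "$SAMPLE_DIR/pam"

check_nss "$SAMPLE_DIR/nss.good" && echo "nss.good: ok"
check_nss "$SAMPLE_DIR/nss.bad"  || echo "nss.bad: rejected"
echo "mkhomedir umask: $(mkhomedir_umask "$SAMPLE_DIR/pam")"
```

To check a real client, call the functions on /etc/nsswitch.conf and /etc/pam.d/common-session.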
