Debian 12 bookworm
Sponsored Link

OpenLDAP : Configure LDAP Client2023/07/03

 
Configure LDAP Client in order to share user accounts in your local networks.
[1] Configure LDAP Client.
root@node01:~#
apt -y install libnss-ldapd libpam-ldapd ldap-utils
(1) specify LDAP server's URI

 +---------------------| Configuring ldap-auth-config |----------------------+
 | Please enter the URI of the LDAP server to use. This is a string in the   |
 | form of ldap://<hostname or IP>:<port>/. ldaps:// or ldapi:// can also    |
 | be used. The port number is optional.                                     |
 |                                                                           |
 | Note: It is usually a good idea to use an IP address because it reduces   |
 | risks of failure in the event name service problems.                      |
 |                                                                           |
 | LDAP server Uniform Resource Identifier:                                  |
 |                                                                           |
 | ldap://dlp.srv.world/_________________________________________________    |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+

(2) specify suffix
 +---------------------| Configuring ldap-auth-config |----------------------+
 | Please enter the distinguished name of the LDAP search base. Many sites   |
 | use the components of their domain names for this purpose. For example,   |
 | the domain "example.net" would use "dc=example,dc=net" as the             |
 | distinguished name of the search base.                                    |
 |                                                                           |
 | Distinguished name of the search base:                                    |
 |                                                                           |
 | dc=srv,dc=world_______________________________________________________    |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+

(3) select services that should have LDAP lookups enabled
 +-----------------------+ Configuring libnss-ldapd +------------------------+
 | For this package to work, you need to modify the /etc/nsswitch.conf file  |
 | to use the ldap datasource.                                               |
 |                                                                           |
 | You can select the services that should have LDAP lookups enabled. The    |
 | new LDAP lookups will be added as the last datasource. Be sure to review  |
 | these changes.                                                            |
 |                                                                           |
 | Name services to configure:                                               |
 |                                                                           |
 |    [*] passwd                                                             |
 |    [*] group                                                              |
 |    [*] shadow                                                             |
 |    [ ] hosts                                                              |
 |    [ ] networks                                                           |
 |                                                                           |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+

root@node01:~#
vi /etc/pam.d/common-session
# add to the end if need (create home directory automatically at initial login)

session optional        pam_mkhomedir.so skel=/etc/skel umask=077
root@node01:~#
systemctl restart nscd nslcd

root@node01:~#
exit
Debian GNU/Linux 12 node01.srv.world ttyS0

node01 login: bookworm     # LDAP user
Password:
Linux node01.srv.world 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Creating directory '/home/bookworm'.
bookworm@node01:~$       # logined

# changing password is like follows

bookworm@node01:~$
(current) LDAP Password:     # current password
New password:                # new one
Retype new password:
passwd: password updated successfully
bookworm@node01:~$              # changed
Matched Content