After having set up an LDAP replica on my home server, it seemed a good idea to use this LDAP to manage the user accounts, or rather to let the accounts that already exist in the LDAP log in to the server.
In this post I'm going to describe my setup of LDAP user login.
1. remove group users
I'm removing the group users, as this group is being managed within my LDAP.
2. install necessary software
Not much is needed:
aptitude install libnss-ldap libpam-ldap
debconf will ask for quite a lot of configuration information. After providing it, the main work is almost done.
3. check and finish configuration
Although the biggest part of the config is already done, have a look at
/etc/libnss-ldap.conf and check the following settings:
base dc=example,dc=net
uri ldapi:///localhost
ldap_version 3
rootbinddn cn=admin,dc=example,dc=com
scope one
timelimit 3
bind_timelimit 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
pam_min_uid 1000
pam_max_uid 5000
pam_password exop
nss_base_passwd ou=people,dc=example,dc=com
nss_base_shadow ou=people,dc=example,dc=com
nss_base_group ou=groups,dc=example,dc=com
/etc/nsswitch.conf has to look like:
passwd: files ldap
group: files ldap
shadow: files ldap
4. enable ldap user login and testing
Enable the settings by restarting the name service cache daemon (nscd). Then list all users and all groups: the users and groups managed in the LDAP should appear there.
Now LDAP user login should be working for all users stored in the LDAP. They have to be members of the group users in the LDAP, of course.
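As an added example (not part of the original post), the following POSIX shell script checks the three settings from steps 3 and 4 that matter most for not weakening local login: that /etc/nsswitch.conf lists files before ldap for passwd, group and shadow (so root and system accounts still resolve from /etc when the LDAP server is unreachable), that pam_min_uid in /etc/libnss-ldap.conf keeps low uids out of the directory-authenticated range, and that the rootbinddn password file /etc/libnss-ldap.secret (the file libnss-ldap reads for the rootbinddn password) is mode 600. The file paths are parameters; the sample files written below are constructed for the demonstration and are not the post's real configuration.

```shell
#!/bin/sh
# Added example, not code from the original post: sanity checks for the
# nsswitch.conf and libnss-ldap.conf settings described above. Paths are
# parameters, so the checks run on the constructed samples below or on the
# real files (/etc/nsswitch.conf, /etc/libnss-ldap.conf, /etc/libnss-ldap.secret).

# Returns 0 if passwd, group and shadow each list "files" first and "ldap"
# after it: local accounts resolve from /etc before the directory is asked,
# and an unreachable LDAP server never locks root out.
check_nsswitch() {
    nss="$1"
    for db in passwd group shadow; do
        sources=$(awk -v db="$db:" '$1 == db { $1 = ""; print; exit }' "$nss")
        set -- $sources
        [ "$1" = files ] || { echo "$db: 'files' must come first (got: ${1:-nothing})"; return 1; }
        shift
        case " $* " in *" ldap "*) ;; *) echo "$db: ldap not listed"; return 1 ;; esac
    done
    return 0
}

# Returns 0 if pam_min_uid is set and at least FLOOR (default 1000), so an
# LDAP entry carrying a low uid is never accepted for login as a system account.
check_uid_range() {
    conf="$1"; floor="${2:-1000}"
    minuid=$(awk '$1 == "pam_min_uid" { print $2; exit }' "$conf")
    [ -n "$minuid" ] || { echo "pam_min_uid not set"; return 1; }
    [ "$minuid" -ge "$floor" ] || { echo "pam_min_uid $minuid is below $floor"; return 1; }
    return 0
}

# Returns 0 if the rootbinddn password file exists, is mode 600 and is owned
# by OWNER (default root): it holds a privileged directory credential.
check_secret_perms() {
    f="$1"; owner="${2:-root}"
    [ -f "$f" ] || { echo "$f missing"; return 1; }
    [ -n "$(find "$f" -perm 600 -user "$owner")" ] \
        || { echo "$f must be mode 600 and owned by $owner"; return 1; }
    return 0
}

# Constructed sample files (not real host files) so the checks can run offline.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/nsswitch.good" <<'EOF'
passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files dns
EOF
cat > "$SAMPLES/nsswitch.bad" <<'EOF'
passwd:         ldap files
group:          files ldap
shadow:         files
EOF
cat > "$SAMPLES/libnss-ldap.good" <<'EOF'
base dc=example,dc=net
rootbinddn cn=admin,dc=example,dc=com
pam_min_uid 1000
pam_max_uid 5000
EOF
cat > "$SAMPLES/libnss-ldap.bad" <<'EOF'
base dc=example,dc=net
pam_min_uid 0
EOF
: > "$SAMPLES/secret.good"; chmod 600 "$SAMPLES/secret.good"
: > "$SAMPLES/secret.bad";  chmod 644 "$SAMPLES/secret.bad"

# Demonstration run: the .good samples pass, the .bad samples report the defect.
for f in nsswitch.good nsswitch.bad; do
    check_nsswitch "$SAMPLES/$f" && echo "$f: ok"
done
for f in libnss-ldap.good libnss-ldap.bad; do
    check_uid_range "$SAMPLES/$f" && echo "$f: ok"
done
for f in secret.good secret.bad; do
    check_secret_perms "$SAMPLES/$f" "$(id -un)" && echo "$f: ok"
done
```

On a real host, call the three functions with the /etc paths after editing the configuration; once they pass and nscd has been restarted, `getent passwd` and `getent group` are the standard way to list the merged local and LDAP users and groups, which is the listing step 4 asks for.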