Ldap user login

After setting up an ldap replica on my home server, it seemed like a good idea to use this ldap to manage the user accounts, or to enable the existing accounts in the ldap to log in to the server.
In this post I’m going to describe my setup of ldap user login.

1. remove group users

I’m removing the group users as this group is being managed within my ldap.

groupdel users

2. install necessary software

Not much is needed:

aptitude install libnss-ldap libpam-ldap

After installing, debconf will ask for quite a lot of configuration info. After providing this, the main work is almost done.

3. check and finish configuration

Although most of the config is already done, have a look at /etc/libnss-ldap.conf. Watch the following settings:

base dc=example,dc=com
uri ldapi:///localhost
ldap_version 3
rootbinddn cn=admin,dc=example,dc=com
scope one
timelimit 3
bind_timelimit 3
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUid
pam_min_uid 1000
pam_max_uid 5000
pam_password exop
nss_base_passwd ou=people,dc=example,dc=com
nss_base_shadow ou=people,dc=example,dc=com
nss_base_group  ou=groups,dc=example,dc=com

Then edit /etc/nsswitch.conf to look like:

passwd:         files ldap
group:          files ldap
shadow:         files ldap

4. enable ldap user login and testing

Enable the settings by restarting the name service cache daemon:

/etc/init.d/nscd restart

Then run

getent passwd

to get a list of all users and

getent group

to get a list of all groups. Users and groups managed in the ldap should appear here.
Now ldap user login should be working for all users stored in the ldap. They have to be members of the group users in the ldap, of course.
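To see what the ldap source actually adds to the system, the following added example (not part of the original post) compares a copy of /etc/passwd with saved getent passwd output. It flags ldap accounts that share a name or UID with a local account or fall outside the pam_min_uid/pam_max_uid range from step 3; the function name, the labels and the sample accounts are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): list accounts that reach the
# system through ldap and flag the ones that deserve a second look.

# audit_ldap_accounts LOCAL_PASSWD GETENT_OUTPUT MIN_UID MAX_UID
#   LOCAL_PASSWD     copy of /etc/passwd
#   GETENT_OUTPUT    saved output of `getent passwd` (files first, then ldap)
#   MIN_UID/MAX_UID  pam_min_uid / pam_max_uid from the configuration above
audit_ldap_accounts() {
    awk -F: -v min="$3" -v max="$4" '
        # First file: remember local names and UIDs.
        NR == FNR { lname[$1] = 1; luid[$3] = $1; next }
        # Second file: the first hit for a local name is the local entry itself.
        ($1 in lname) && !seen[$1]++ { next }
        {
            # Same name as a local account: "files" wins on lookup by name.
            if ($1 in lname) print "NAME-SHADOWED " $1
            # Different name, same UID as a local account.
            if (!($1 in lname) && ($3 in luid)) print "UID-COLLISION " $1 " uid=" $3 " local=" luid[$3]
            # Listed by NSS but outside the pam_min_uid..pam_max_uid window.
            if ($3 + 0 < min + 0 || $3 + 0 > max + 0) print "OUT-OF-RANGE " $1 " uid=" $3
        }
    ' "$1" "$2"
}

# Demo on constructed sample data (no real accounts).
run_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    # Constructed `getent passwd` output: the local lines, then ldap entries.
    cat "$tmp/passwd" - > "$tmp/getent" <<'EOF'
bob:x:1001:100:Bob:/home/bob:/bin/bash
alice:x:1002:100:Alice (ldap):/home/alice:/bin/bash
svc:x:1:100:Service:/home/svc:/bin/sh
carol:x:6000:100:Carol:/home/carol:/bin/bash
EOF
    audit_ldap_accounts "$tmp/passwd" "$tmp/getent" 1000 5000
    rm -rf "$tmp"
}

run_demo
```

On a real host, save the output of getent passwd to a file and pass /etc/passwd as the first argument, with the UID limits from your own configuration.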

2 thoughts on “Ldap user login”

  1. Pingback: Samba shares with LDAP

  2. Jan (post author)

    In Debian 8 “Jessie” settings have been moved from /etc/libnss-ldap.conf to /etc/libpam-ldap.conf.
