Allow linux users to login using ldap

To enable LDAP authentication we install the nslcd package. Configured properly, it lets users defined in LDAP (an Active Directory domain in this case, which is why the filters below use objectClass=user and sAMAccountName) log in with their directory password. Local users still log in with their local password: PAM tries the local password first and falls through to LDAP when that fails.

apt-get install nslcd

The installer will ask you some questions.
LDAP URL: usually something like ldap:// followed by the hostname of the domain controller. A plain ldap:// connection is unencrypted until the StartTLS step below upgrades it.

Enter LDAP server URL

LDAP base DN to search in: usually something like DC=mycompany,DC=com, but you can restrict it to a specific OU/container so that only accounts under that subtree are visible to the Linux host.

LDAP base DN to search in

Choose simple authentication.

Type of LDAP authentication

In this mode we need to specify the DN and password of an account that is allowed to search LDAP (the binddn and bindpw entries below). A read-only, low-privilege service account is enough; do not use an administrator account for this.

The last step is to choose whether to enable secure LDAP, i.e. StartTLS, which upgrades the plain ldap:// connection to TLS. Say yes: without it the bind password and every user lookup cross the network in cleartext.

Use StartTLS

When the installer asks which name services to configure (the nsswitch.conf entries), select passwd and shadow.

To review these settings

vim /etc/nslcd.conf

Some of the settings added by the installer. The filter and map lines are what make it work against Active Directory: user accounts have objectClass=user and the login name is stored in sAMAccountName.

tls_reqcert never
referrals off
filter passwd (objectClass=user)
filter shadow (objectClass=user)
map passwd uid sAMAccountName
map shadow uid sAMAccountName
binddn XXXXX
bindpw XXXX

Two of these deserve a second look before the host goes into production. tls_reqcert never tells nslcd not to verify the server certificate, so StartTLS only protects against passive sniffing, not against a man-in-the-middle that presents its own certificate; change it to tls_reqcert demand and point tls_cacertfile at the CA that issued the domain controller's certificate. bindpw is stored in cleartext, so keep /etc/nslcd.conf readable by root and the nslcd group only (the package installs it that way; do not loosen it).
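The following script is an added example, not part of the original post: it audits an nslcd.conf for the weak settings discussed above (tls_reqcert never/allow, ldap:// without StartTLS, a world-readable file holding bindpw) and prints a hardened copy with certificate verification and StartTLS enforced. It assumes nslcd.conf's "keyword value" line syntax and a Debian-style CA bundle path; the sample configuration, hostname, bind DN and password it contains are constructed for the example.

```bash
#!/bin/sh
# Added example (not from the original post): audit an nslcd.conf for the
# settings that undermine the StartTLS choice, and print a hardened copy.
# Assumes nslcd.conf's "keyword value" syntax and a Debian-style CA bundle path.

# Assumed CA bundle; on a real host point this at the CA that signed the DC's certificate.
CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

# Constructed sample that mirrors what the installer writes
# (hostname, bind account and password are made up).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
uri ldap://dc1.mycompany.com/
base DC=mycompany,DC=com
ssl start_tls
tls_reqcert never
referrals off
filter passwd (objectClass=user)
filter shadow (objectClass=user)
map passwd uid sAMAccountName
map shadow uid sAMAccountName
binddn CN=nslcd,OU=Service Accounts,DC=mycompany,DC=com
bindpw s3cret-bind-password
EOF
chmod 644 "$SAMPLE_CONF"   # simulate a config file left world-readable

# conf_get FILE KEY: value of the last active "KEY value" line ('#' lines never match)
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*//p" "$1" | tail -n 1
}

# nslcd_audit FILE: print one finding per line; prints nothing for a clean file
nslcd_audit() {
    conf=$1
    reqcert=$(conf_get "$conf" tls_reqcert)
    uri=$(conf_get "$conf" uri)
    ssl=$(conf_get "$conf" ssl)
    bindpw=$(conf_get "$conf" bindpw)

    # 1. never/allow skip certificate validation, so StartTLS no longer stops a MITM
    case $reqcert in
        never|allow)
            echo "tls_reqcert $reqcert: server certificate is not verified; use 'tls_reqcert demand' with tls_cacertfile" ;;
    esac

    # 2. ldap:// without StartTLS sends the bind password and every lookup in cleartext
    case $uri in
        ldap://*)
            [ "$ssl" = start_tls ] || echo "uri $uri without 'ssl start_tls': traffic is cleartext" ;;
    esac

    # 3. bindpw is a cleartext secret, so the file must not be readable by everyone
    #    (column 8 of the ls -l mode string is the other-read bit)
    if [ -n "$bindpw" ]; then
        [ "$(ls -ld "$conf" | cut -c8)" = "-" ] ||
            echo "bindpw set but $conf is world-readable; chmod 640 and chown root:nslcd"
    fi
    return 0
}

# nslcd_harden FILE: print FILE with certificate checking and StartTLS enforced
nslcd_harden() {
    sed -e 's/^[[:space:]]*tls_reqcert[[:space:]].*/tls_reqcert demand/' \
        -e 's/^[[:space:]]*ssl[[:space:]][[:space:]]*off[[:space:]]*$/ssl start_tls/' "$1"
    grep -q '^[[:space:]]*tls_cacertfile[[:space:]]' "$1" || echo "tls_cacertfile $CA_BUNDLE"
    case $(conf_get "$1" uri) in
        ldap://*) grep -q '^[[:space:]]*ssl[[:space:]]' "$1" || echo "ssl start_tls" ;;
    esac
}

echo "== findings for $SAMPLE_CONF =="
nslcd_audit "$SAMPLE_CONF"
echo "== hardened version =="
nslcd_harden "$SAMPLE_CONF"
```

Run it against the real file with nslcd_audit /etc/nslcd.conf; the hardening function only rewrites the text, so the file permissions (0640 root:nslcd) still have to be set with chmod and chown, and nslcd restarted afterwards.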

Restart the service after making changes

/etc/init.d/nslcd restart

Don't forget to add a local account whose name matches the user's sAMAccountName. With the usual files-then-ldap order in nsswitch.conf the local entry supplies the UID, home directory and shell, while the password is checked against LDAP: useradd creates the account without a usable local password, so the local check fails and PAM falls through to LDAP.

useradd -m -s /bin/bash username
