In the previous tutorial, we successfully installed OpenLDAP Server and LAM on Ubuntu.
In this tutorial, we will learn how to install and configure the OpenLDAP client on Ubuntu.
Prerequisites
- OpenLDAP Server installed on another server.
- User privileges: root or non-root user with root privileges.
Read more
- How to Install and Configure OpenLDAP Server & LAM on Ubuntu
- How to Create OUs Groups Users on OpenLDAP Server with LAM
- How to Configure Hostname and FQDN/Fullname on Linux
For this tutorial
- Domain: totatca.local
- OpenLDAP Server
  - Full name: ldap-1.totatca.local
  - IP address: 192.168.1.8
  - Users: it1, it2, … were created in the previous tutorial
- OpenLDAP Client
  - Full name: ubt22-2.totatca.local
  - IP address: 192.168.1.9
Let’s go…
On the OpenLDAP Server
Check the status of the OpenLDAP server, and ensure it’s running:
sudo systemctl status slapd
Sample output:
![Check status of OpenLDAP server](https://totatca.com/wp-content/uploads/2023/03/03.-Check-status-of-OpenLDAP-server.jpg)
On the OpenLDAP Client
Step 1 – Prepare
First of all, update the system packages to the latest versions available with the command below:
sudo apt update && sudo apt upgrade -y
Next, if you do not have an active DNS server on your network, add the LDAP server address to the /etc/hosts file:
sudo vim /etc/hosts
Add new content below:
192.168.1.8 ldap-1.totatca.local
Sample output:
![Add to hosts file](https://totatca.com/wp-content/uploads/2023/03/04.-Add-to-hosts-file.jpg)
Save and exit the file by pressing Esc, typing :x and hitting Enter.
Step 2 – Install OpenLDAP Client
Now run the command below to install the OpenLDAP client packages on your system:
sudo apt install libnss-ldap libpam-ldap ldap-utils nscd -y
During the installation, you will be asked some questions about the LDAP server:
- LDAP server Uniform Resource Identifier:
ldap://192.168.1.8
(replace ldap://192.168.1.8 with the URI of your OpenLDAP server)
![LDAP Server Uniform Resource Identifier](https://totatca.com/wp-content/uploads/2023/03/05.-LDAP-Server-Iniform-Resource-Identifier.jpg)
- Distinguished name of the search base:
dc=totatca,dc=local
(replace totatca.local with your domain)
![Distinguished name of the search base](https://totatca.com/wp-content/uploads/2023/03/06.-Distinguished-name-of-the-search-base.jpg)
- LDAP version to use: select the version
3
![LDAP version to use](https://totatca.com/wp-content/uploads/2023/03/07.-LDAP-version-to-use.jpg)
- Make local root Database admin: select
<Yes>
This lets password utilities that use PAM behave as if you were changing local passwords.
![Make local root Database admin](https://totatca.com/wp-content/uploads/2023/03/08.-Make-local-root-Database-admin.jpg)
- Does the LDAP database require login?: select
<No>
so that no login is required to query the LDAP database.
![Does the LDAP database require login](https://totatca.com/wp-content/uploads/2023/03/09.-Dose-the-LDAP-database-require-login.jpg)
- LDAP account for root:
cn=admin,dc=totatca,dc=local
(the LDAP admin account created on the server in the previous tutorial)
![LDAP Account for root](https://totatca.com/wp-content/uploads/2023/03/10.-LDAP-Account-for-root.jpg)
- LDAP root account password: enter the password of the LDAP admin account
![LDAP root account password](https://totatca.com/wp-content/uploads/2023/03/11.-LDAP-root-account-password.jpg)
Step 3 – Configure LDAP Client
With the OpenLDAP client installed, we will now configure authentication between the client and the server.
First, open the /etc/nsswitch.conf file so that user and group lookups on the LDAP client are also resolved against the LDAP server.
sudo vim /etc/nsswitch.conf
and edit the lines below:
passwd: compat systemd ldap
group: compat systemd ldap
shadow: compat
![Edit nsswitch.conf file](https://totatca.com/wp-content/uploads/2023/03/12.-Edit-nsswitc.conf-file.jpg)
Save and exit the file by pressing Esc, typing :x and hitting Enter.
Next, open the /etc/pam.d/common-password file to disable the use_authtok option.
sudo vim /etc/pam.d/common-password
Remove use_authtok from the pam_ldap.so line, as shown below:
### Before
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
### After
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
![Edit common-password file](https://totatca.com/wp-content/uploads/2023/03/13.-Edit-common-password-file.jpg)
Save and exit the file by pressing Esc, typing :x and hitting Enter.
Lastly, open the /etc/pam.d/common-session file so that a home directory is created automatically when an LDAP user logs in to the system.
sudo vim /etc/pam.d/common-session
Add the line below to the end of the file:
session optional pam_mkhomedir.so skel=/etc/skel umask=077
![Edit Common-session file](https://totatca.com/wp-content/uploads/2023/03/14.-Edit-Common-session-file.jpg)
Save and exit the file by pressing Esc, typing :x and hitting Enter.
Now reboot the system to apply the changes.
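The three edits from Step 3, collected into one idempotent script as an added example (this is not the tutorial's own code): it appends ldap to the passwd and group lines of nsswitch.conf, removes use_authtok from the pam_ldap.so line of common-password, appends the pam_mkhomedir line to common-session exactly once, and then verifies that all three edits are present. It assumes GNU sed and grep; the ROOT argument, the function names and the sample files are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the tutorial: apply the three Step 3 edits idempotently
# under a root directory ROOT ("" = the live system) and verify them afterwards.
# Assumes GNU sed (for -i/-E) and grep; the sample files below are constructed.
set -u

# Append "ldap" to the named nsswitch.conf databases unless it is already there.
edit_nsswitch() {
  local f="$1" db
  shift
  for db in "$@"; do
    if grep -Eq "^${db}:" "$f" && ! grep -Eq "^${db}:.*[[:space:]]ldap([[:space:]]|$)" "$f"; then
      sed -i -E "s/^(${db}:.*[^[:space:]])[[:space:]]*$/\1 ldap/" "$f"
    fi
  done
}

# Drop use_authtok from the pam_ldap.so line of common-password (no-op if absent).
edit_common_password() {
  sed -i -E '/pam_ldap\.so/ s/[[:space:]]+use_authtok([[:space:]]|$)/\1/' "$1"
}

# Append the pam_mkhomedir line exactly once; umask=077 keeps new homes private.
edit_common_session() {
  local f="$1" line='session optional pam_mkhomedir.so skel=/etc/skel umask=077'
  grep -Fqx "$line" "$f" || printf '%s\n' "$line" >> "$f"
}

apply_ldap_client_config() {
  local root="${1:-}"
  edit_nsswitch "$root/etc/nsswitch.conf" passwd group
  edit_common_password "$root/etc/pam.d/common-password"
  edit_common_session "$root/etc/pam.d/common-session"
}

# Returns 0 when every edit is in place; otherwise reports what is missing and returns 1.
verify_ldap_client_config() {
  local root="${1:-}" ok=0 db
  for db in passwd group; do
    grep -Eq "^${db}:.*[[:space:]]ldap([[:space:]]|$)" "$root/etc/nsswitch.conf" \
      || { echo "nsswitch.conf: ${db} does not list ldap"; ok=1; }
  done
  if grep -E 'pam_ldap\.so' "$root/etc/pam.d/common-password" | grep -q use_authtok; then
    echo "common-password: use_authtok still set on the pam_ldap.so line"; ok=1
  fi
  grep -Fq pam_mkhomedir.so "$root/etc/pam.d/common-session" \
    || { echo "common-session: pam_mkhomedir.so line missing"; ok=1; }
  return "$ok"
}

# Constructed sample files (pre-edit state) in a scratch directory, for trying offline.
make_sample_root() {
  local root
  root="$(mktemp -d)"
  mkdir -p "$root/etc/pam.d"
  printf '%s\n' 'passwd:         compat systemd' 'group:          compat systemd' \
    'shadow:         compat' 'gshadow:        files' > "$root/etc/nsswitch.conf"
  printf '%s\n' 'password        [success=1 user_unknown=ignore default=die]      pam_ldap.so use_authtok try_first_pass' \
    'password        requisite                       pam_deny.so' > "$root/etc/pam.d/common-password"
  printf '%s\n' 'session [default=1]                     pam_permit.so' \
    'session required        pam_unix.so' > "$root/etc/pam.d/common-session"
  echo "$root"
}

# Try it on the sample files: ./ldap-client-config.sh --demo
if [ "${1:-}" = "--demo" ]; then
  demo="$(make_sample_root)"
  apply_ldap_client_config "$demo"
  apply_ldap_client_config "$demo"   # second run must change nothing
  verify_ldap_client_config "$demo" && echo "all edits verified under $demo"
fi
```

Run it with --demo to exercise it against the constructed sample files; to edit the live system, call apply_ldap_client_config with no argument as root and then verify_ldap_client_config before rebooting. The script only touches the three files from Step 3; the server URI, search base and bind DN entered during Step 2 are left as the packages wrote them.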
Step 4 – Testing
The previous tutorial created users (it1, it2, hr1, hr2, …) on the LDAP server.
After the reboot, on the login screen click the "Not listed?" button.
![Choose login](https://totatca.com/wp-content/uploads/2023/03/15.-Choose-login.jpg)
Enter an account that exists on the OpenLDAP server (for example, hr1) and then the password of that account.
![Input password](https://totatca.com/wp-content/uploads/2023/03/16.-Input-password.jpg)
Success !!!
![Success](https://totatca.com/wp-content/uploads/2023/03/17.-Success.jpg)
You can also check from the command line by switching to an account from the LDAP server:
sudo su - it1
You should see the home directory created automatically and the shell switched to the account from the OpenLDAP server.
![Command line](https://totatca.com/wp-content/uploads/2023/03/18.-Command-line.jpg)
That’s it. You have successfully installed the OpenLDAP client on Ubuntu.
Thank you for reading!!!