How to set up OpenLDAP Client on Debian 10

In this tutorial, I will show you how to set up an OpenLDAP client using Debian 10 Buster. Before using this guide, make sure that you have an OpenLDAP server installed on another node or server to which the client can connect.

In this tutorial, I will use Debian 10 with 1GB RAM and 15GB disk space. In addition, you must have root privileges.

What are we going to do

  • Install and configure the OpenLDAP client package
  • Set up the name service switch (nsswitch)
  • Set up PAM authentication and sessions
  • Testing

Step 1 - Install and configure the OpenLDAP client package

First, we will install the LDAP package on the client. We will install libnss and libpam packages for the ldap client.

During the ldap client package installation process, you will be required to perform some configuration, including the ldap server address, the ldap base DN, and the password of the ldap admin user.

Use the following apt command to install the ldap package for the client.

sudo apt install libnss-ldap libpam-ldap ldap-utils

Install libnss-ldap

You will now be asked to provide the LDAP server IP address. Enter your LDAP / LDAPS server IP address and select “OK”.

Enter the base DN of the LDAP server and select OK.

Now specify the LDAP protocol version as “3” and select “OK”.

Enter the default LDAP root user (default is admin) and select OK again.

Now enter the password for the default administrator user.

For NSSwitch configuration, select OK.

Install libpam-ldap

Next, allow the LDAP admin account to behave like the local root user by selecting “Yes”.

When asked whether the LDAP database requires login, choose “No”.

Now type the default administrator user of the LDAP server again and select OK.

Enter the administrator password and select OK again.

Step 2 - Set up the name service switch (nsswitch)

In this step, we will modify the NSSwitch configuration ‘/etc/nsswitch.conf’ to use ldap as a data source.

Edit the configuration file “/etc/nsswitch.conf” with the vim editor.

vim /etc/nsswitch.conf

Now change the following lines as shown below.

passwd: compat ldap
group: compat ldap
shadow: compat ldap

Save and close.

NSSwitch will now look up user information for authentication on the LDAP server.

Step 3 - Set up PAM authentication and sessions

In this step, we will set up PAM password authentication by removing the “use_authtok” option and add an optional PAM session module to automatically create the home directory.

The “use_authtok” option makes a module use the new password supplied by a previously stacked password module instead of prompting the user for one, and the “pam_mkhomedir” module automatically creates a home directory for the LDAP user.

For PAM password authentication, edit the configuration file ‘/etc/pam.d/common-password’ using the vim editor.

vim /etc/pam.d/common-password

Remove the option “use_authtok” in the password “pam_ldap” module configuration as shown below.

password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass

Save and close.

Next, edit the pam session configuration ‘/etc/pam.d/common-session’.

vim /etc/pam.d/common-session

Add the “pam_mkhomedir” module configuration below.

session optional pam_mkhomedir.so skel=/etc/skel umask=077

Save and close.

You have now set up the PAM modules for authentication and session configuration.
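
A mistake in the NSS or PAM files can leave the client without working logins, so the edits from Steps 2 and 3 are worth checking before the reboot. The script below is an added example, not part of the original tutorial; the function names and the --check/--demo switches are hypothetical, and the sample files it writes are constructed to mirror the lines shown above.

```shell
#!/bin/sh
# Added example: check the Step 2 and Step 3 edits before rebooting.
# Function names and the --check/--demo switches are hypothetical.

# Pass if passwd, group and shadow each list "ldap" as a source.
check_nsswitch() {
    for db in passwd group shadow; do
        awk -v db="$db:" '{ sub(/#.*/, "") }
            $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") ok = 1 }
            END { exit !ok }' "$1" ||
            { echo "FAIL: $db has no ldap source in $1" >&2; return 1; }
    done
}

# Pass if an active pam_ldap password line exists and lacks use_authtok.
check_pam_password() {
    awk '{ sub(/#.*/, "") }
        $1 == "password" && /pam_ldap\.so/ { seen = 1; if (/use_authtok/) bad = 1 }
        END { exit !(seen && !bad) }' "$1" ||
        { echo "FAIL: pam_ldap line missing or uses use_authtok in $1" >&2; return 1; }
}

# Pass if an active (uncommented) session line loads pam_mkhomedir.so.
check_pam_session() {
    awk '{ sub(/#.*/, "") }
        $1 == "session" && /pam_mkhomedir\.so/ { ok = 1 }
        END { exit !ok }' "$1" ||
        { echo "FAIL: pam_mkhomedir session line missing in $1" >&2; return 1; }
}

# Run all three checks under a root prefix ("" means the live /etc).
verify_ldap_client() {
    check_nsswitch "$1/etc/nsswitch.conf" &&
        check_pam_password "$1/etc/pam.d/common-password" &&
        check_pam_session "$1/etc/pam.d/common-session"
}

# Write constructed sample files that mirror the tutorial's edits.
make_sample() {
    mkdir -p "$1/etc/pam.d"
    printf '%s: compat ldap\n' passwd group shadow > "$1/etc/nsswitch.conf"
    echo 'password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass' > "$1/etc/pam.d/common-password"
    echo 'session optional pam_mkhomedir.so skel=/etc/skel umask=077' > "$1/etc/pam.d/common-session"
}

case "${1:-}" in
    --check) verify_ldap_client "" && echo "LDAP client configuration looks complete" ;;
    --demo)  d=$(mktemp -d) && make_sample "$d" && verify_ldap_client "$d" && echo "sample OK"; rm -rf "$d" ;;
esac
```

Run it with --check against the live files under /etc, or with --demo against the constructed sample. Commented-out lines are ignored, so a line that was disabled rather than edited is reported as missing.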

Now restart the Debian client.

sudo reboot

Step 4 - Testing

To test the installation and configuration of the OpenLDAP client, log in to the client system using the user provided by the OpenLDAP server.

Login with user ‘olaf’ available on the OpenLDAP server.

Once the “olaf” user logs in, a new user home directory is automatically created for that user.

As a result, the installation and configuration of the OpenLDAP client on Debian 10 has been successfully completed.
