ldap on ubuntu


FIRST OF ALL, it would be uber helpful if you first stop the name service cache daemon (nscd). Otherwise its cached lookups will mask whatever you change below and confuse you. Thus:

service nscd stop


/etc/ldap.conf is used for authentication

/etc/ldap/ldap.conf is used by other programs to contact the ldap server (pam)

To connect to Active Directory, you need to map your Unix box’s attributes to Active Directory’s attributes. This may be sufficient for you:

# Tell nss_ldap which AD object classes stand in for the POSIX ones
nss_map_objectclass posixAccount User
nss_map_objectclass shadowAccount User
nss_map_objectclass posixGroup Group

# pam_ldap: log in by sAMAccountName and only consider User objects
pam_login_attribute samaccountname
pam_filter objectclass=User

# Map the POSIX attributes NSS expects onto the AD attributes that carry them
# (uidNumber, gidNumber, unixHomeDirectory etc. come from AD's Unix schema extension)
nss_map_attribute uid sAMAccountName
nss_map_attribute uidNumber uidNumber
nss_map_attribute gidNumber gidNumber
nss_map_attribute cn cn
nss_map_attribute uniqueMember member
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute loginShell loginShell
nss_map_attribute gecos gecos
# repeats the posixGroup mapping above (object class names are case-insensitive); harmless
nss_map_objectclass posixGroup group


To troubleshoot, try:

id <username>

or

getent passwd <username>


If things still don’t work after editing the ldap.conf files, check /etc/nsswitch.conf, which tells NSS to consult LDAP for the passwd and shadow databases. Use either:

passwd: files ldap
shadow: files ldap


or

passwd: compat
shadow: compat

passwd_compat: ldap
shadow_compat: ldap
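As an added example (not from this post), a small POSIX shell checker that walks the steps above: it confirms that passwd and shadow in nsswitch.conf actually reach ldap in either of the two forms shown, warns if nscd is still running, and then runs the getent and id lookups. The function names and the constructed sample nsswitch fragments are the example's own.

```shell
#!/bin/sh
# Added example (not from the post). Function names and the sample files are assumed.

# Print the source list for database $2 (passwd, shadow, passwd_compat ...) in
# nsswitch file $1, comments stripped and whitespace squeezed; empty if absent.
nss_sources() {
    sed -n -e 's/#.*//' -e "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" \
        | head -n 1 | tr -s '[:space:]' ' ' | sed 's/ *$//'
}

# Succeed if database $2 in nsswitch file $1 reaches LDAP, either directly
# ("passwd: files ldap") or via compat ("passwd: compat" + "passwd_compat: ldap").
nss_ldap_enabled() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
        *" compat "*)
            case " $(nss_sources "$1" "${2}_compat") " in
                *" ldap "*) return 0 ;;
            esac ;;
    esac
    return 1
}

# Walk the post's checks for one user: nsswitch wiring, nscd, then getent and id.
# getent exercises NSS alone; id additionally resolves the user's groups.
check_user() {
    for db in passwd shadow; do
        nss_ldap_enabled /etc/nsswitch.conf "$db" \
            || echo "warning: $db does not reach ldap in /etc/nsswitch.conf"
    done
    if pgrep -x nscd >/dev/null 2>&1; then
        echo "note: nscd is running; its cache can mask config changes (service nscd stop)"
    fi
    getent passwd "$1" >/dev/null || { echo "NSS lookup failed: getent passwd $1"; return 1; }
    id "$1" >/dev/null || { echo "group resolution failed: id $1"; return 1; }
    echo "ok: $1 resolves through NSS"
}

# Constructed sample nsswitch.conf fragments covering both forms shown in the post.
SAMPLE_DIRECT=$(mktemp); printf 'passwd: files ldap\nshadow: files ldap\n' > "$SAMPLE_DIRECT"
SAMPLE_COMPAT=$(mktemp); printf 'passwd: compat\nshadow: compat\npasswd_compat: ldap\nshadow_compat: ldap\n' > "$SAMPLE_COMPAT"
SAMPLE_NONE=$(mktemp); printf 'passwd: files   # ldap removed\nshadow: files\n' > "$SAMPLE_NONE"

# Usage: sh check_ldap_user.sh <username>
if [ "$#" -eq 1 ]; then check_user "$1"; fi
```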
