Connecting Ubuntu Accounts to LDAP

LDAP is an open, cross-platform protocol used for directory service authentication. There are many different implementations available. It is used to store and retrieve data from a hierarchical directory structure.

Install and Configure LDAP Client on Ubuntu 20.04 | Ubuntu 18.04

You are ready to install and configure the LDAP client once you have configured the LDAP server and added user accounts.

In case you have no active DNS server in your network, add the LDAP server address to /etc/hosts.

sudo vim /etc/hosts

192.168.18.50 ldap.example.com

To install LDAP client utilities on your Ubuntu system, run:

sudo apt -y install libnss-ldap libpam-ldap ldap-utils

LDAP Client configuration 

Step 1:

You will be prompted for details of your LDAP server. First, set the LDAP URL, which can be an IP address or a hostname. The ldap-auth-config package, which is installed automatically, will do most of the configuration based on the inputs you enter.


Step 2:

Then enter the distinguished name of the LDAP search base. You can build it from the components of your domain name.


Step 3:

Select LDAP version 3 to use and click Ok.


Step 4:

This option lets password utilities that use PAM behave as they would when changing local passwords. So, for Make local root Database admin, press Yes.


Step 5:

In this step, answer No to "Does the LDAP database require login?" to disable login requirements to the LDAP database.


Step 6:

You need to set the LDAP account for root.


Step 7:

Enter the password to use when ldap-auth-config logs in to the LDAP directory using the LDAP account for root.


Step 8:

You can find the result of the dialog in the file /etc/ldap.conf. If you need to make changes, open and edit this file with your preferred command-line editor.

Now, to configure the LDAP profile for NSS, type:

sudo auth-client-config -t nss -p lac_ldap

Step 9:

Next, update the PAM configuration so that the system uses LDAP for authentication. Run the command below and choose LDAP from the menu; you can then log in using LDAP-based credentials.

sudo pam-auth-update


Step 10:

If you want each user's home directory to be created automatically, make one more change in the common-session PAM file.

sudo vim /etc/pam.d/common-session

And add the line below in it:

session required pam_mkhomedir.so skel=/etc/skel umask=077

Step 11: 

At this point, you can save the changes and close the file. Restart the Name Service Cache Daemon (nscd) by running:

sudo systemctl restart nscd
sudo systemctl enable nscd

If you are using replication, LDAP clients need to refer to multiple servers, specified in /etc/ldap.conf. List all the servers in the following form:

uri ldap://ldap1.example.com ldap://ldap2.example.com

This means that if the provider becomes unresponsive and the request times out, the client will attempt to reach the consumer to process it.

Here the provider is ldap1.example.com and the consumer is ldap2.example.com.

Finally, use the command below to check the LDAP entries for a particular user from the server.

getent passwd eldernode

That's it! Once the command returns the details of the specific user in /etc/passwd format, your client machine is configured to authenticate with the LDAP server, and you should be able to log in using LDAP-based credentials.
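The uri lines in this guide use plain ldap://, which carries binds and lookups unencrypted unless StartTLS is enabled. The following lint for the /etc/ldap.conf format is an added example, not part of the original article; it uses the libnss-ldap/libpam-ldap directives uri, ssl, tls_checkpeer and bindpw, and the base DN and rootbinddn in its sample are constructed values.

```sh
#!/bin/sh
# Added example: lint a libnss-ldap/libpam-ldap client config (/etc/ldap.conf format).
# Prints one finding per line; returns 0 when there are none, 1 otherwise.

conf_get() {  # conf_get FILE KEY -> value(s) of a directive, comments ignored
    awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print }' "$1"
}

note() { echo "$1"; findings=$((findings + 1)); }

audit_ldap_conf() {  # audit_ldap_conf FILE
    f=$1; findings=0
    uris=$(conf_get "$f" uri)
    ssl=$(conf_get "$f" ssl | tail -n 1)
    [ -n "$uris" ] || note "NO_URI: no uri directive in $f"
    for u in $uris; do
        case $u in
            ldaps://*|ldapi://*) ;;   # TLS-wrapped, or a local UNIX socket
            ldap://*) [ "$ssl" = "start_tls" ] ||
                      note "CLEARTEXT: $u is used without 'ssl start_tls'" ;;
            *) note "BAD_URI: $u" ;;
        esac
    done
    # Without peer verification, TLS does not authenticate the LDAP server.
    [ "$(conf_get "$f" tls_checkpeer | tail -n 1)" = "yes" ] ||
        note "NO_CERT_CHECK: tls_checkpeer is not set to 'yes'"
    # bindpw keeps a bind password in the client config file itself.
    [ -z "$(conf_get "$f" bindpw)" ] || note "BINDPW: bind password stored in $f"
    [ "$findings" -eq 0 ]
}

# Constructed sample: base DN and rootbinddn are assumed values, the uri line
# is the replicated-server form shown on this page.
write_sample() {  # write_sample FILE
    cat > "$1" <<'EOF'
base dc=example,dc=com
uri ldap://ldap1.example.com ldap://ldap2.example.com
ldap_version 3
rootbinddn cn=admin,dc=example,dc=com
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_ldap_conf "$tmp" || echo "=> $findings finding(s) to resolve"
rm -f "$tmp"
```

To check a real client, call audit_ldap_conf /etc/ldap.conf after the configuration dialog has finished.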

Conclusion

In this article, you learned how to install the LDAP client on Ubuntu 20.04. LDAP gives applications a common language for communicating with directory service servers. User information needs to be shared with other entities on the network, and directory services store the users, passwords, and computer accounts.
