Bobcares

How to configure LDAP Client on Ubuntu?

by | Oct 28, 2020

LDAP helps us to provide centralized storage of usernames and passwords. After setting up a working LDAP server, we will need to install libraries and configure the client for connecting to it on an Ubuntu system.

As a part of our Server Management Services, we help our Customers with software installations regularly.

Let us today discuss the steps to configure LDAP Client on Ubuntu.

LDAP and its uses

LDAP (Lightweight Directory Access Protocol) is a set of protocols for accessing directory services.

A directory service stores and provides access to information that must either be shared between applications or is highly distributed.

Directory services play an important role in developing intranet and Internet applications by helping us to share information about users, systems, networks, applications, and services throughout the network.

For instance, it helps us to offer centralized storage of usernames and passwords. This allows various applications (or services) to connect to the LDAP server to validate users.

Install and Configure LDAP Client on Ubuntu

First, if there is no active DNS server in the network, add the LDAP server's address to the /etc/hosts file.

$ echo "IP_address ldap.example.com" | sudo tee -a /etc/hosts

Install LDAP client utilities on an Ubuntu system

Now let us proceed to install the LDAP client utilities. As with any other installation, update the system before installing.

$ sudo apt-get update

$ sudo apt -y install libnss-ldap libpam-ldap ldap-utils

During the installation, the package installer will ask us a variety of questions. Enter the values according to the environment.

  1. Set LDAP URI – On the first screen, enter the LDAP server’s IP address or hostname.
  2. Set the distinguished name of the search base – Enter the DN (Distinguished Name) of the LDAP search base.
  3. Choose the LDAP version to use.
  4. Select Yes to make local root the database admin.
  5. Answer No to “Does the LDAP database require login?”
  6. Set the LDAP account for root, something like cn=admin,dc=example,dc=com
  7. Provide the LDAP root account password.

Configure authentication:

The installer does most of the configuration based on the inputs given in the previous section, but some changes are still required for LDAP authentication to work.

After the installation, edit /etc/nsswitch.conf and add ldap as a source on the passwd, group and shadow lines.

passwd: compat systemd ldap
group:  compat systemd ldap
shadow: compat ldap

Modify the file /etc/pam.d/common-password: remove use_authtok from line 26 so that it looks like the line below.

password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass

Enable creation of the home directory on first login by adding the following line to the end of the file /etc/pam.d/common-session:

session optional pam_mkhomedir.so skel=/etc/skel umask=077

Restart the nscd service.

$ sudo service nscd restart

Test by switching to a user account stored in LDAP:

root@server1:~# su - bob
Creating directory '/home/bob'.
bob@server1:~$ id
uid=10000(bob) gid=10000(sysadmins) groups=10000(sysadmins)

Use the getent command to get the LDAP entries from the LDAP server.

$ getent passwd ldapuser

ldapuser:x:9999:100:Test LdapUser:/home/ldapuser:/bin/bash

To verify further, log in on the client machine as the LDAP user “ldapuser”.
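The three file edits above can also be checked directly, before anyone tries to log in. The script below is an added example, not part of the original article; the function names are hypothetical, and it only reads the nsswitch.conf, common-password and common-session files passed to it.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Text after "#" in the audited files is treated as a comment and ignored.

# nss_has_ldap FILE DB: succeeds if DB's line in nsswitch.conf lists the ldap source.
nss_has_ldap() {
    awk -v db="$2:" '{ sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# pam_has FILE TYPE MODULE [OPTION]: succeeds if an active TYPE line loads MODULE
# and, when OPTION is given, that same line also carries OPTION.
pam_has() {
    awk -v kind="$2" -v mod="$3" -v opt="${4:-}" '{ sub(/#.*/, "") }
        $1 == kind {
            m = 0; o = (opt == "")
            for (i = 2; i <= NF; i++) {
                f = $i; sub(/.*\//, "", f)      # accept a full module path too
                if (f == mod) m = 1
                if ($i == opt) o = 1
            }
            if (m && o) found = 1
        }
        END { exit !found }' "$1"
}

# audit_ldap_client NSSWITCH COMMON_PASSWORD COMMON_SESSION
# Prints one line per finding; the return status is the number of findings.
audit_ldap_client() {
    findings=0
    for db in passwd group shadow; do
        nss_has_ldap "$1" "$db" ||
            { echo "$1: '$db' line does not list ldap"; findings=$((findings + 1)); }
    done
    pam_has "$2" password pam_ldap.so ||
        { echo "$2: no active pam_ldap.so password line"; findings=$((findings + 1)); }
    if pam_has "$2" password pam_ldap.so use_authtok; then
        echo "$2: pam_ldap.so password line still has use_authtok"
        findings=$((findings + 1))
    fi
    pam_has "$3" session pam_mkhomedir.so ||
        { echo "$3: no active pam_mkhomedir.so session line"; findings=$((findings + 1)); }
    return "$findings"
}

# Stand-alone: sh audit.sh /etc/nsswitch.conf /etc/pam.d/common-password /etc/pam.d/common-session
if [ "$#" -eq 3 ]; then audit_ldap_client "$@"; fi
```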


Conclusion

In short, LDAP is a widely used protocol for querying and modifying a directory service. Today, we saw how our Support Engineers configure the LDAP client on Ubuntu.

 


8 Comments

  1. Amit

    Thanks for the configuration details.

    I am able to log in as an LDAP user while the server is in the network.
    But if I removed the network, the user is not able to log in to the (Ubuntu) machine.

    Reply
    • Hiba Razak

      Hi,

      Our Experts can help you with the issue, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply
    • aditya khandal

      Hey, can you text me!! I want to know more about LDAP!!

      Reply
      • Hiba Razak

        Hi,
        Please contact our support team via live chat(click on the icon at right-bottom).

        Reply
  2. Oscar

    I have a question: I use an OpenLDAP user and SSH is OK, but when I log in to the GUI, after filling in the username and password, it goes back to the login page. What should I do?

    Reply
    • Hiba Razak

      Hi,
      Please contact our support through live chat(click on the icon at right-bottom).

      Reply
  3. Divya

    I followed the article and hit this error message.

    ~$ sudo service nscd restart
    Failed to restart nscd.service: Unit nscd.service not found.

    Reply
    • Hiba Razak

      Hi,
      Please contact our support team through live chat (click on the icon at right-bottom).

      Reply
