Configure an FQDN hostname for your server

Add the server's address and name to /etc/hosts:

sudo nano /etc/hosts

192.168.56.111 ldap.example.com

Then set the static hostname:

sudo hostnamectl set-hostname ldap.example.com --static

Update the Debian server and install OpenLDAP
sudo apt update
sudo apt upgrade -y
sudo apt install slapd ldap-utils -y
sudo dpkg-reconfigure slapd

Answer the questions as follows, and set a strong password for the cn=admin account when prompted; it is the password every ldapadd below binds with:

Omit OpenLDAP server configuration? No
DNS domain name? example.com
Remove the database when slapd is purged? No
Move old database? Yes
Check the LDAP configuration:

sudo slapcat

Add base DNs for users and groups
nano basedn.ldif

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

Entries in one LDIF file are separated by a blank line; without it the file is not valid LDIF and ldapadd refuses it.
Apply basedn.ldif:

sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f basedn.ldif

Add user accounts and groups
Generate a password hash for the user account you are about to add (slappasswd does not need root):

slappasswd

Sample output:
New password:
Re-enter new password:
{SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE
Create an LDIF file for adding the user:

nano ldapusers.ldif

dn: uid=jmutai,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Josphat
sn: Mutai
userPassword: {SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE
loginShell: /bin/bash
homeDirectory: /home/jmutai
uidNumber: 3000
gidNumber: 3000
Apply ldapusers.ldif. Note that the user's gidNumber must equal the gidNumber of the posixGroup created in the next step (3000); otherwise NSS resolves the account with a primary group that does not exist.

sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapusers.ldif

Create an LDIF file for adding the group:

nano ldapgroups.ldif

dn: cn=jmutai,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: jmutai
gidNumber: 3000
memberUid: jmutai
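Before applying ldapusers.ldif and ldapgroups.ldif it is worth checking them together: slapd accepts a posixAccount whose gidNumber matches no posixGroup, duplicate uidNumbers, and a userPassword pasted in cleartext instead of the slappasswd hash, and each of these only shows up later as a broken login. The script below is an added example, not part of the original page or of the OpenLDAP tools. The sample LDIF it lints is constructed to mirror the entries above, including a gidNumber mismatch (300 on the user, 3000 on the group).

```sh
#!/bin/sh
# Added example, not from the original page: lint posixAccount/posixGroup
# LDIF before ldapadd. Plain LDIF only (no base64 "attr::" values, no folded
# continuation lines).

# usage: lint_ldif users.ldif groups.ldif ...   (reads stdin when no files)
# exit 0 when every check passes, 1 otherwise; findings go to stdout
lint_ldif() {
  awk '
    function flush() {
      if (dn == "") return
      if (index(oc, " posixGroup") && gid != "") { groups[gid] = dn; ng++ }
      if (index(oc, " posixAccount")) {
        nu++
        if (gid == "") { print "ERROR: " dn " has no gidNumber"; rc = 1 }
        else users[dn] = gid
        if (uid in seen) { print "ERROR: uidNumber " uid " used by " seen[uid] " and " dn; rc = 1 }
        seen[uid] = dn
        # slappasswd output starts with a scheme tag such as {SSHA}; anything
        # else is a cleartext password going into the directory
        if (pw != "" && substr(pw, 1, 1) != "{") { print "ERROR: cleartext userPassword in " dn; rc = 1 }
      }
      dn = ""; oc = ""; gid = ""; uid = ""; pw = ""
    }
    /^dn: /           { flush(); dn = substr($0, 5); next }
    /^objectClass: /  { oc = oc " " $2; next }
    /^gidNumber: /    { gid = $2; next }
    /^uidNumber: /    { uid = $2; next }
    /^userPassword: / { pw = $2; next }
    /^$/              { flush(); next }
    END {
      flush()
      for (u in users)
        if (!(users[u] in groups)) {
          print "ERROR: " u " has gidNumber " users[u] " but no posixGroup in the input defines it"
          rc = 1
        }
      if (!rc) print "OK: " (nu + 0) " user(s), " (ng + 0) " group(s)"
      exit rc
    }' "$@"
}

# Constructed sample mirroring the page's entries, including the gidNumber
# mismatch (300 on the user, 3000 on the group).
sample_ldif() {
  cat <<'EOF'
dn: uid=jmutai,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Josphat
sn: Mutai
userPassword: {SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE
loginShell: /bin/bash
homeDirectory: /home/jmutai
uidNumber: 3000
gidNumber: 300

dn: cn=jmutai,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: jmutai
gidNumber: 3000
memberUid: jmutai
EOF
}

# The sample fails the lint; correcting the user's gidNumber makes it pass.
if sample_ldif | lint_ldif; then echo "unexpected: mismatch not detected"; fi
sample_ldif | sed 's/^gidNumber: 300$/gidNumber: 3000/' | lint_ldif
```

Run it over both files in one invocation, for example lint_ldif ldapusers.ldif ldapgroups.ldif && sudo ldapadd ..., because the group check only knows about posixGroup entries it has seen in the same run.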
sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapgroups.ldif

Download the latest release of the LDAP Account Manager deb package

wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_7.7-1_all.deb
sudo apt install -f ./ldap-account-manager_7.7-1_all.deb

The package is fetched over plain http; compare it against the checksum or signature published for the release before installing it, and check the project site for a release newer than 7.7.

Configure LDAP Account Manager on Debian 11 / Debian 10
Open it in a browser:

http://<server hostname or IP address>/lam
for example http://192.168.56.111/lam

LAM's configuration pages are protected by a master password whose default is "lam"; change it before the server is reachable by anyone else, and serve LAM over HTTPS, since it logs in to the directory with the admin DN and password you type into it.

Configure the LDAP client on Debian

sudo apt update
sudo apt install libnss-ldap libpam-ldap ldap-utils

Answer the questions as follows:
LDAP server URI: ldap://192.168.56.111/
Distinguished name of the search base: dc=example,dc=com
LDAP version to use: 3
LDAP account for root: cn=admin,dc=example,dc=com
LDAP root account password: the admin password
Allow LDAP admin account to behave like local root? Yes
Does the LDAP database require login? No
LDAP administrative account: cn=admin,dc=example,dc=com
LDAP administrative password: the admin password

Two security notes on these answers. Answering Yes to "Allow LDAP admin account to behave like local root" stores the admin password in /etc/pam_ldap.secret and /etc/libnss-ldap.secret (root-only, mode 0600) so that root can change LDAP passwords with passwd; answer No unless you need that, and in any case make sure those files stay unreadable by other users. The ldap:// URI sends simple binds, including that admin password, in cleartext; on anything other than a lab network configure TLS on slapd and use ldaps:// or "ssl start_tls" on the clients.
First edit /etc/nsswitch.conf so that the passwd, group and shadow databases fall back to LDAP after the local files:
passwd: compat ldap
group: compat ldap
shadow: compat ldap
Then edit these PAM files. Each stack tries the local account first (sufficient) and falls back to LDAP (required), so local users, including root, keep working when the directory is unreachable:
/etc/pam.d/common-account
account sufficient pam_unix.so
account required pam_ldap.so
/etc/pam.d/common-auth
auth sufficient pam_unix.so nullok_secure
auth required pam_ldap.so use_first_pass
auth required pam_permit.so
/etc/pam.d/common-password
password sufficient pam_unix.so nullok obscure sha512
password required pam_ldap.so

The option is "obscure" (the original page had a typo, "obsecure"), and the original used md5 as the local password hash, which is obsolete; sha512 is the current Debian default. nullok permits empty local passwords, so drop it unless you need that.
/etc/pam.d/common-session
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0022
If nscd is installed, restart it so cached lookups pick up the new sources:

sudo service nscd restart

Run this command and select all the profiles (Unix and LDAP) it offers:

sudo pam-auth-update --force

Note that pam-auth-update regenerates /etc/pam.d/common-* from its profiles, and with --force it overwrites the hand edits above; after running it, check the resulting files rather than assuming the manual stacks survived.

Configure the LDAP client on CentOS / RHEL

sudo yum update
sudo yum install nss-pam-ldapd nscd openldap-clients -y

After installing the packages, run the following command to change the configuration:
sudo authconfig-tui

On the next screen, enable LDAP for user information and authentication and enter the LDAP server URI and base DN. (authconfig is not shipped on RHEL/CentOS 8 and later, where it was replaced by authselect; there, write /etc/nslcd.conf by hand, or use sssd's LDAP provider instead.)

Also add these lines to /etc/nslcd.conf:

sudo vi /etc/nslcd.conf

ldap_version 3
binddn cn=admin,dc=example,dc=com
bindpw [admin password]

Because this file now holds a directory password it must stay owned by root with mode 0600 (the package installs it that way; check again after editing). Binding as cn=admin for lookups is far more privilege than a client needs: if any client is compromised, the attacker has write access to the whole directory. Create a dedicated read-only bind account (or rely on anonymous bind if your slapd ACLs allow the reads) and put that DN here instead.
Then restart nslcd and nscd:

sudo service nslcd restart
sudo service nscd restart

Then add this line to /etc/pam.d/sshd so that home directories are created for LDAP users on first login:
/etc/pam.d/sshd

session required pam_mkhomedir.so skel=/etc/skel umask=0022
Then restart sshd:

sudo service sshd restart

Useful commands for working with the directory

The original page wrote these against dc=test,dc=com; they are shown here with the dc=example,dc=com base used everywhere else, with -W (prompt for the password) instead of -w [pass] so the password does not land in shell history or the process list, and with -H in place of the deprecated -h/-p options:

ldapsearch -x -D cn=admin,dc=example,dc=com -W -H ldap://localhost:389/ -b dc=example,dc=com
ldapadd -x -D cn=admin,dc=example,dc=com -W -H ldap://localhost:389/ -f sshPublicKey.ldif

Loading a schema such as ppolicy is a change to cn=config, which the directory admin cn=admin,dc=example,dc=com is not allowed to write; do it as root over the local socket instead:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif
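The Debian and CentOS client sections above both leave the same things unchecked: whether nsswitch.conf really consults LDAP for all three databases, whether binds cross the network in cleartext, whether a file that now contains a bind password is readable by other users, and whether lookups bind as the directory admin. The script below is an added example, not from the original page or from the nss-pam-ldapd or libpam-ldap projects. Its checks take file paths, so it can be pointed at a host's real files; the demo runs them on constructed copies that mirror the page's settings, the bind DN cn=nslcd,ou=people,dc=example,dc=com in the hardened copy is an assumed name, and the real paths named in the comments are assumptions to verify on your system.

```sh
#!/bin/sh
# Added example, not from the original page: audit an LDAP client
# configuration. All checks take file paths; on a real host the inputs are
# (assumed, verify locally) /etc/nsswitch.conf, /etc/nslcd.conf or
# /etc/pam_ldap.conf and /etc/libnss-ldap.conf, and the password-bearing
# files /etc/nslcd.conf, /etc/pam_ldap.secret, /etc/libnss-ldap.secret.

# 0 if FILE grants no permission bits to group or other (e.g. mode 0600).
mode_is_private() {
  perm=$(ls -ld "$1" | cut -c5-10)   # columns 5-10 are the group/other bits
  [ "$perm" = "------" ]
}

# 0 if passwd, group and shadow in an nsswitch.conf all list ldap.
nsswitch_has_ldap() {
  for db in passwd group shadow; do
    grep -Eq "^[[:space:]]*$db:.*[[:space:]]ldap([[:space:]]|$)" "$1" \
      || { echo "$1: $db does not consult ldap"; return 1; }
  done
}

# 0 if simple binds will not cross the wire in cleartext: the uri is
# ldaps:// or the config enables TLS with "ssl on" / "ssl start_tls"
# (pam_ldap, libnss-ldap and nslcd all use these keywords).
uses_tls() {
  grep -Eiq '^[[:space:]]*uri[[:space:]]+ldaps://' "$1" && return 0
  grep -Eiq '^[[:space:]]*ssl[[:space:]]+(on|start_tls)' "$1" && return 0
  echo "$1: plain ldap:// without TLS; the bind password crosses the network in cleartext"
  return 1
}

# 0 if the lookup bind uses the directory admin (cn=admin,...), which gives
# every client, and anyone who reads the file, write access to the whole tree.
binds_as_admin() {
  grep -Eiq '^[[:space:]]*(binddn|rootbinddn)[[:space:]]+cn=admin,' "$1"
}

# usage: audit_client NSSWITCH CLIENT_CONF [PASSWORD_FILE ...]
# prints each finding; returns the number of failed checks (0 = clean)
audit_client() {
  nss=$1; conf=$2; shift 2
  fails=0
  nsswitch_has_ldap "$nss" || fails=$((fails + 1))
  uses_tls "$conf" || fails=$((fails + 1))
  if binds_as_admin "$conf"; then
    echo "$conf: lookups bind as the directory admin; use a dedicated read-only account"
    fails=$((fails + 1))
  fi
  for f in "$@"; do
    [ -e "$f" ] || continue
    mode_is_private "$f" \
      || { echo "$f: holds a bind password but is readable by group/other"; fails=$((fails + 1)); }
  done
  return $fails
}

# Demo on constructed files that mirror the page's settings (not real hosts).
d=$(mktemp -d)
printf 'passwd: compat ldap\ngroup: compat ldap\nshadow: compat ldap\n' > "$d/nsswitch.conf"
printf 'uri ldap://192.168.56.111/\nbase dc=example,dc=com\nldap_version 3\nbinddn cn=admin,dc=example,dc=com\nbindpw secret\n' > "$d/nslcd.conf"
chmod 644 "$d/nslcd.conf"
audit_client "$d/nsswitch.conf" "$d/nslcd.conf" "$d/nslcd.conf" && rc=0 || rc=$?
echo "as on the page: $rc failed check(s)"
# Hardened copy: ldaps URI, dedicated bind DN (assumed name), root-only mode.
printf 'uri ldaps://ldap.example.com/\nbase dc=example,dc=com\nldap_version 3\nbinddn cn=nslcd,ou=people,dc=example,dc=com\nbindpw secret\n' > "$d/nslcd.conf"
chmod 600 "$d/nslcd.conf"
audit_client "$d/nsswitch.conf" "$d/nslcd.conf" "$d/nslcd.conf" && rc=0 || rc=$?
echo "hardened: $rc failed check(s)"
rm -rf "$d"
```

The page's settings fail three of the four checks (cleartext ldap://, admin bind, world-readable password file) and the hardened copy passes all of them. The TLS check only inspects the client side; slapd must also be configured with a certificate before ldaps:// or start_tls will work.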