Tuesday, January 10, 2012

LDAP Client on Ubuntu 10.04 LTS


LDAP Client

The bbldapclient package allows an Ubuntu 10.04 LTS machine to authenticate against an LDAP service.

Note that there is some repetition of parameters. This will be fixed in a future release.

The source code for this package is available here. This package also depends on bbldapscripts, which is available here.

Be sure you have the IP address of the LDAP server you configured earlier.

You'll first be presented with an interactive session:

Enter your LDAP server IP address.
Next enter your basedn.
Choose LDAP version 3.
Make the local root a Database admin.
Don't require login.
Enter the LDAP root user.
Enter the password for the LDAP root user.

bbldapscripts Interactive Session

Unfortunately, you will now be prompted for overlapping details for bbldapscripts (this will be changed soon). Portion will try to guess reasonable defaults for all of the questions.

ldap root distinguished name { cn=djadmin,dc=lab,dc=lan }: 
machines relative distinguished name { ou=Machines }: 
ldap server ip address { 172.16.50.254 }: 
ldap base distinguished name { dc=lab,dc=lan }: 
groups relative distinguished name { ou=Groups }: 
ldap server port { 389 }: 
users relative distinguished name { ou=Users }: 
Please enter your ldap admin password:

PAM Configuration

You will then start another interactive session:

Do NOT override local changes.

bbldapclient Interactive Session

Finally, you'll be asked for the bbldapclient parameters. Again, Portion will attempt to guess reasonable defaults.

ldap server ip address { 172.16.50.254 }: 
ldap root distinguished name { cn=djadmin,dc=lab,dc=lan }: 
ldap base distinguished name { dc=lab,dc=lan }: 
ldap server port { 389 }:

Test Installation

You're done. Let's create a sample user to ensure everything is working:

ubuntu@stemsrv01:~$ sudo ldapadduser esark employees
Successfully added user esark to LDAP
Successfully set password for user esark
Successfully created home directory for user esark
 * Restarting Name Service Cache Daemon nscd ... [ OK ] 

Now you should be able to query your new user:

ubuntu@stemsrv01:~$ groups esark
esark : employees
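
A successful groups lookup does not by itself show where the account came from. The following is an added example, not part of bbldapclient or bbldapscripts, that reports whether a name is served from LDAP or from a local file. It assumes the client setup lists ldap as a source in /etc/nsswitch.conf; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm an account is served by LDAP through NSS, not by a local file.
# Assumption: the client setup adds "ldap" as a source in /etc/nsswitch.conf.

# nss_uses_ldap DB [FILE]: succeed if database DB (passwd, group, ...) lists "ldap".
# Fields after an inline "#" comment are ignored.
nss_uses_ldap() {
    db=$1; conf=${2:-/etc/nsswitch.conf}
    awk -v db="$db:" '
        $1 == db {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break
                if ($i == "ldap") found = 1
            }
        }
        END { exit !found }' "$conf"
}

# is_local_user NAME [FILE]: succeed if NAME has an entry in the local passwd file.
is_local_user() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "${2:-/etc/passwd}"
}

# account_source NAME [PASSWD_FILE] [NSSWITCH_FILE]: print local, ldap or missing.
#   local   - the name is in the local passwd file, so the lookup proves nothing about LDAP
#   ldap    - not local, "ldap" is an NSS source, and getent resolves the name
#   missing - the name does not resolve, or LDAP is not an NSS source
account_source() {
    user=$1; passwd_file=${2:-/etc/passwd}; conf=${3:-/etc/nsswitch.conf}
    if is_local_user "$user" "$passwd_file"; then
        echo local
    elif nss_uses_ldap passwd "$conf" && getent passwd "$user" >/dev/null 2>&1; then
        echo ldap
    else
        echo missing
    fi
}
```

On the client, account_source esark should print ldap; local means the name was matched in /etc/passwd and the groups test would have passed without LDAP.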

TODO

We need to eliminate the interactive sessions:

sudo DEBIAN_FRONTEND=noninteractive apt-get install bbldapclient -f -y --force-yes --quiet --yes

