LDAP Clinet Installation and Configuration.

• Log onto the virtual machine, created for use as a LDAP client, as root using the password set at VM creation.

~$ ssh root@vm31.student.lab
Warning: Permanently added 'vm31.student.lab,10.80.3.31' (RSA) to the list of known hosts.
root@vm31.student.lab's password:Li0p13ur0d0n

• Use pico to edit the '/etc/hosts' file and change the beginning of the file matchs the following:

127.0.0.1      localhost
10.80.3.31     vm31.student.lab vm31
10.80.3.36     vm36.student.lab vm36
#The following lines are desireable for IPv6 capable hosts

• Install the ssh nmap packages using the command 'apt-get install ssh nmap'
  • Press <Y> and <Enter> when prompted.
• Confirm the LDAP server is available on the network using the command 'nmap -p 389 vm36.student.lab'
  • Port state and service should read as “389/tcp open ldap”

• Install the client packages needed using the command 'apt-get install libnss-ldap libpam-ldap nscd'
  • When prompted enter 'ldap://vm36.student.lab' and press <Enter>.
  • When prompted change the default entry to 'dc=student,dc=lab' and press <Enter>.
  • When prompted select “3” using the arrow keys and press <Enter>.
  • When prompted change the default entry to 'cn=manager,dc=student,dc=lab' and press <Enter>.
  • When prompted for a password press <Enter>.
    • DO NOT ENTER A PASSWORD AT THIS POINT!
  • When prompted press <Enter>.
  • When prompted select “<No>” using the arrow keys and press <Enter>.
  • When prompted select “<No>” using the arrow keys and press <Enter>.
• Install the LDAP utilities package using the command 'apt-get install ldap-utils' and press <Enter>.
• Reconfigure the debconf of libnns-ldap using the command 'dpkg-reconfigure libnss-ldap' and press <Enter>.
  • When prompted, confirm the entry reads “ldap://vm36.student.lab” and press <Enter>.
  • When prompted, confirm the entry reads “dc=student,dc=lab” and press <Enter>.
  • When prompted use the arrows to select “3” and press <Enter>.
  • When prompted use the arrows to select “<No>” and press <Enter>.
  • When prompted use the arrows to select “<No>” and press <Enter>.
  • When prompted use the arrows to select “<No>” and press <Enter>.
  • Press <Enter> to select “<Ok>”.

• Use pico to edit the “/etc/ldap/ldap.conf” file using the command 'pico /etc/ldap/ldap.conf' and change the BASE and URI lines to match the following:

BASE     dc=student,dc=lab
URI     ldap://vm36.student.lab ldap://vm36.student.lab:665

• Save and exit usint the <Ctrl>+<X> command.

• Stop the nscd daemon using the command '/etc/init.d/nscd stop'
• Use pico to edit the nsswitch.conf file by typing the command 'pico /etc/nsswitch.conf' and pressing <Enter>.
  • Change the passwd, group, shadow, and hosts entries to match the following:

passwd:          ldap files
group:           ldap files
shadow:          ldap files

hosts:           files dns

• Save and exit using the <Ctrl>+<X> command.
• Use the command '/etc/init.d/nscd restart' and then the <Enter> key to restart the Name Service Cache Daemon.

• Use pico to edit the common-session file using the command 'pico /etc/pam.d/common-session'
  • Add the following line to the end of the file:

session required pam_mkhomedir.so

• Save and exit using the <Ctrl>+<X> command.

• Confirm installation using the following command:

~# id genUsr

• The response should look like:

uid=20000(genUsr) gid=20000 groups=20000

TechNotes - OpenLDAP client on Debian Squeeze

PAM configuration guide for Debian

RFC 3377 - LDAP

RFC 2251 - LDAP