Ubuntu LDAP client How To

This works with Ubuntu 10.04 clients using an OSX Snow Leopard OpenLDAP server. It should work with other variants, but I had such a terrible time finding documentation for ubuntu and osx, that I decided to post this.

Step one: Make sure root has a password, if you screw this up and root doesn’t have a password, you won’t be able to su -.

sudo passwd

Now install the packages you need for the Ubuntu client:

apt-get install nss-updatedb ldap-utils libpam-ldap libnss-ldap nscd nslcd sudo-ldap

Next, edit /etc/nsswitch.conf and change

passwd: compat

group: compat


passwd: files ldap

group: files ldap

Now restart the nscd service and nslcd

When you install the packages above, it will prompt you for your directory info. I skipped that config and edited manually. /etc/ldap.conf should look like this:

base dc=example,dc=com
ldap_version 3
#pam_filter !(uid=root)
pam_password crypt

Now make sure your nslcd.conf is correct:

# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://

# The search base that will be used for all queries.
base dc=example,dc=com
# The LDAP protocol version to use.
ldap_version 3

# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret

# SSL options
ssl off
#tls_reqcert never

# The search scope.
scope sub

That should do it. If your LDAP admin group is “admin”, users in that group should have sudo based on the default sudoers.

This entry was posted in HowTo and tagged , , , , , , . Bookmark the permalink.

Leave a Reply