How do I set up LDAP for user management in Linux

Setting up LDAP (Lightweight Directory Access Protocol) for user management in Linux allows you to manage user accounts and authentication in a centralized way. Here’s a step-by-step guide to help you set up LDAP on your Linux system.

Prerequisites

Before starting, make sure you have the following:

  • Linux server (e.g., Ubuntu, CentOS)
  • Root access to the server
  • Basic knowledge of Linux command line

Step 1: Install OpenLDAP

To install OpenLDAP and its utilities, run the following command:

sudo apt-get install slapd ldap-utils

Step 2: Configure OpenLDAP

During installation, you will be prompted to set an admin password. After installation, you can reconfigure slapd using:

sudo dpkg-reconfigure slapd

Step 3: Verify the Installation

Check if OpenLDAP is running:

sudo systemctl status slapd

Step 4: Add Base DN

OpenLDAP needs a base distinguished name (DN). Create an LDIF file (e.g., base.ldif) with the following content:

# Base entry. dcObject is an auxiliary class, so a structural class
# (organization) is required as well, otherwise slapd rejects the entry.
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example

dn: cn=admin,dc=example,dc=com
objectClass: organizationalRole
cn: admin
description: LDAP Administrator

# Container that the user entries in Step 5 are created under
dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

Now, add the base DN:

sudo ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f base.ldif

Step 5: Adding Users

You can also add user entries in a similar way. Create a user.ldif file:

dn: uid=user1,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: User One
sn: One
uid: user1
# Cleartext shown for illustration only; in practice paste the {SSHA} hash printed by slappasswd
userPassword: password
gidNumber: 1001
uidNumber: 1001
homeDirectory: /home/user1

Add the user using:

sudo ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f user.ldif
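A check worth running before the ldapadd commands in Steps 4 and 5: the following is an added example (my code, not part of this guide or of OpenLDAP) that validates LDIF offline. The names check_ldif, parse_ldif, parent_dn and the sample constants are all mine, and the schema tables are a hand-picked subset of the core, nis and inetorgperson schemas. It catches what slapd would otherwise reject at add time: a parent entry that does not exist yet (the user entry hangs under ou=People, which has to be created first), an entry with only the auxiliary dcObject class (a structural class such as organization is also needed), a missing MUST attribute, and a cleartext userPassword (store the {SSHA} hash that slappasswd prints instead). The existing_dns parameter covers the Debian/Ubuntu case where dpkg-reconfigure slapd has already created the base entry and cn=admin, so only the new entries need to be loaded.

```python
"""Pre-flight validator for LDIF files, to run before ldapadd.

Added example for this guide (not code from the article or from OpenLDAP).
The schema tables are a hand-picked subset (assumption: enough for this
guide's entries); the parser handles neither base64 (::) values nor
continuation lines."""

# Names are lower-cased: LDAP class and attribute names are case-insensitive.
STRUCTURAL = {"organization", "organizationalrole", "organizationalunit",
              "person", "organizationalperson", "inetorgperson", "posixgroup"}
MUST = {
    "organization": {"o"},
    "organizationalrole": {"cn"},
    "organizationalunit": {"ou"},
    "dcobject": {"dc"},
    "inetorgperson": {"cn", "sn"},  # inherited from person
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "shadowaccount": {"uid"},
}


def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]}), ...] in file order."""
    entries, dn, attrs = [], None, {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def parent_dn(dn):
    """'uid=u,ou=People,dc=example,dc=com' -> 'ou=People,dc=example,dc=com'."""
    return dn.partition(",")[2]


def check_ldif(text, suffix="dc=example,dc=com", existing_dns=()):
    """Return a list of problems (empty means clean). existing_dns names
    entries already in the directory, such as the base entry and cn=admin
    that 'dpkg-reconfigure slapd' creates on Debian/Ubuntu."""
    problems, known = [], {d.lower() for d in existing_dns}
    for dn, attrs in parse_ldif(text):
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        parent = parent_dn(dn)
        if dn.lower() != suffix.lower() and parent.lower() not in known:
            problems.append(f"{dn}: parent {parent} does not exist yet")
        if not classes & STRUCTURAL:
            problems.append(f"{dn}: no structural objectClass")
        for cls in sorted(classes):
            for attr in sorted(MUST.get(cls, ())):
                if attr not in attrs:
                    problems.append(f"{dn}: objectClass {cls} requires {attr}")
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):  # hashed values look like {SSHA}...
                problems.append(f"{dn}: userPassword is cleartext; use slappasswd")
        known.add(dn.lower())  # later entries in the file may hang below it
    return problems


# Constructed samples. USER_ENTRY is the entry from Step 5; BASE_AS_WRITTEN is
# a base entry with dcObject only and no ou=People container.
USER_ENTRY = """\
dn: uid=user1,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: User One
sn: One
uid: user1
userPassword: password
gidNumber: 1001
homeDirectory: /home/user1
uidNumber: 1001
"""
BASE_AS_WRITTEN = "dn: dc=example,dc=com\nobjectClass: dcObject\ndc: example\n"
OU_PEOPLE = "dn: ou=People,dc=example,dc=com\nobjectClass: organizationalUnit\nou: People\n"
# The {SSHA} value is a placeholder for slappasswd output, not a real hash.
HASHED_USER = USER_ENTRY.replace("userPassword: password",
                                 "userPassword: {SSHA}REPLACE-WITH-slappasswd-OUTPUT")

if __name__ == "__main__":
    print(check_ldif(BASE_AS_WRITTEN + "\n" + USER_ENTRY) or "clean")
```

Run it directly, or call check_ldif on the contents of base.ldif and user.ldif (passing the DNs that already exist in existing_dns); fix every reported line, then run ldapadd.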

Step 6: Configuration of PAM and NSS

To use LDAP for authentication, you need to configure PAM (Pluggable Authentication Modules) and NSS (Name Service Switch). The pam_ldap.so module and the ldap NSS source are not part of slapd; on Debian/Ubuntu they come from the libpam-ldapd and libnss-ldapd packages. Edit the following files:

For /etc/nsswitch.conf, add:

passwd: compat ldap
group: compat ldap
shadow: compat ldap

For /etc/pam.d/common-auth, the auth stack must let either the local password database or LDAP satisfy the login, with pam_deny closing the stack when neither does (on Debian/Ubuntu, pam-auth-update writes this file once the LDAP PAM package is installed, so check it rather than editing it by hand). Two plain "required" lines would not work: both modules would have to succeed, so a user with only one kind of account could never log in.

auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
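Why the control flag on each common-auth line matters, shown with an added example (my code, not the article's and not Linux-PAM): a small simulator of how PAM walks an auth stack, implementing the semantics that pam.conf(5) documents for required, requisite, sufficient, optional and the [value=action ...] form, for module results of success or auth_err. The two embedded stacks are constructed samples: a two-line stack with both modules marked required, and the fall-through form that pam-auth-update generates on Debian/Ubuntu. The names parse_stack and evaluate and the result dictionaries are mine.

```python
"""Simulation of how PAM walks an 'auth' stack.

Added example for this guide, not code from the article or from Linux-PAM.
It implements the documented meaning of required, requisite, sufficient and
optional and of the [value=action ...] form (actions ok, done, ignore, bad,
die and an integer jump) for module results "success" or "auth_err"."""

# The keywords are shorthand for these action tables (see pam.conf(5)).
KEYWORDS = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok",   "default": "ignore"},
}
# Modules whose result never depends on the user.
FIXED_RESULT = {"pam_deny.so": "auth_err", "pam_permit.so": "success"}


def parse_stack(text):
    """'auth <control> <module> [args]' lines -> list of (control, module)."""
    stack = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[1].startswith("["):  # bracket form contains spaces
            end = next(i for i, p in enumerate(parts) if p.endswith("]"))
            control, module = " ".join(parts[1:end + 1]), parts[end + 1]
        else:
            control, module = parts[1], parts[2]
        stack.append((control, module))
    return stack


def evaluate(stack, module_results):
    """Return the result of the whole stack ("success" or "auth_err") given
    what each module would return for this login attempt."""
    results = {**FIXED_RESULT, **module_results}
    failure, saw_ok, i = None, False, 0
    while i < len(stack):
        control, module = stack[i]
        ret = results.get(module, "auth_err")
        i += 1
        if control.startswith("["):
            table = dict(kv.split("=") for kv in control.strip("[]").split())
        else:
            table = KEYWORDS[control]
        action = table.get(ret, table.get("default", "bad"))
        if action.isdigit():  # jump over N modules; otherwise behaves like ok
            i += int(action)
            action = "ok"
        if action == "ok":
            saw_ok = True
        elif action == "bad":  # remember the first failure, keep walking
            failure = failure or ret
        elif action in ("die", "done"):  # return now (a recorded failure wins)
            return failure or ret
        # "ignore": this module does not influence the result
    if failure:
        return failure
    return "success" if saw_ok else "auth_err"


# Constructed stack: both modules 'required', so BOTH must succeed.
TWO_REQUIRED = """\
auth required pam_unix.so nullok_secure
auth required pam_ldap.so
"""
# Constructed stack in the fall-through form pam-auth-update generates:
# a success in either module jumps straight to pam_permit.
FALL_THROUGH = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
"""
LDAP_ONLY_USER = {"pam_unix.so": "auth_err", "pam_ldap.so": "success"}
LOCAL_ONLY_USER = {"pam_unix.so": "success", "pam_ldap.so": "auth_err"}
WRONG_PASSWORD = {"pam_unix.so": "auth_err", "pam_ldap.so": "auth_err"}

if __name__ == "__main__":
    for name, text in (("two required", TWO_REQUIRED), ("fall-through", FALL_THROUGH)):
        for who, res in (("ldap-only", LDAP_ONLY_USER), ("local-only", LOCAL_ONLY_USER),
                         ("wrong pw", WRONG_PASSWORD)):
            print(f"{name:13} {who:10} -> {evaluate(parse_stack(text), res)}")
```

Running it shows that with two required lines a user who exists only in LDAP, or only in /etc/passwd, is rejected because both modules have to succeed, while the fall-through stack accepts a success from either module and still fails closed through pam_deny when both return auth_err.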

Conclusion

You now have a basic LDAP setup for user management in Linux. Remember to replace the example placeholders (like domain and user details) with your actual data.
