====== openLDAP client ======

A server that wishes to use the openLDAP server (sto3.visielab.uantwerpen.be) must be configured as an LDAP client.

Install the following extra packages:

  apt-get install ldap-utils
  apt-get install libnss-ldap libpam-ldap
  apt-get install nscd

When the package libnss-ldap starts installing, you will be asked to provide the URI of the openLDAP server, which is

  uri ldap://sto3.visielab.uantwerpen.be

No password is needed to connect to the LDAP server.

Then check the file **/etc/ldap/ldap.conf** and adapt the URI as well as the base for the LDAP directory.

  #
  # LDAP Defaults
  #
  # See ldap.conf(5) for details
  # This file should be world readable but not world writable.
  BASE    dc=visielab,dc=be
  URI     ldap://sto3.visielab.uantwerpen.be
  #SIZELIMIT      12
  #TIMELIMIT      15
  #DEREF          never
  # TLS certificates (needed for GnuTLS)
  TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

To check whether this is configured correctly, run a search against the openLDAP server:

  ldapsearch -x ou=People
  # extended LDIF
  #
  # LDAPv3
  # base (default) with scope subtree
  # filter: ou=People
  # requesting: ALL
  #
  # People, visielab.be
  dn: ou=People,dc=visielab,dc=be
  objectClass: organizationalUnit
  ou: People
  # search result
  search: 2
  result: 0 Success
  # numResponses: 2
  # numEntries: 1

Now /etc/nsswitch.conf needs some adjustments:

  # /etc/nsswitch.conf
  #
  # Example configuration of GNU Name Service Switch functionality.
  # If you have the `glibc-doc-reference' and `info' packages installed, try:
  # `info libc "Name Service Switch"' for information about this file.
  passwd:         compat ldap
  group:          compat ldap
  shadow:         compat ldap
  gshadow:        files
  hosts:          files dns
  networks:       files
  protocols:      db files
  services:       db files
  ethers:         db files
  rpc:            db files
  netgroup:       nis

Finally, we can test whether the users defined in the openLDAP server appear on this server as well:

  getent passwd
  root:x:0:0:root:/root:/bin/bash
  daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
  bin:x:2:2:bin:/bin:/usr/sbin/nologin
  sys:x:3:3:sys:/dev:/usr/sbin/nologin
  sync:x:4:65534:sync:/bin:/bin/sync
  games:x:5:60:games:/usr/games:/usr/sbin/nologin
  man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
  lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
  mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
  news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
  uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
  proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
  www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
  backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
  list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
  irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
  gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
  nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
  systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
  systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
  systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
  systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
  syslog:x:104:108::/home/syslog:/bin/false
  _apt:x:105:65534::/nonexistent:/bin/false
  lxd:x:106:65534::/var/lib/lxd/:/bin/false
  messagebus:x:107:111::/var/run/dbus:/bin/false
  uuidd:x:108:112::/run/uuidd:/bin/false
  dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/bin/false
  sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin
  jpe:x:1000:1000:jef peeraer,,,:/home/jpe:/bin/bash
  admin:x:1001:1001::/home/admin:/bin/bash
  root:x:0:0:Netbios Domain Administrator:/data/home/root:/bin/false
  nobody:x:65534:514:nobody:/nonexistent:/bin/false
  xre:x:10015:513:terumo upload account:/data/home/xre:/usr/bin/mysecureshell
  jdbeen3:x:10016:513:Jan de Beenhouwer:/data/home/jdbeen3:/bin/bash
  apresenti:x:10017:513:Alice Presenti:/data/home/apresenti:/bin/bash
  ejanssens:x:10018:513:Eline Janssens:/data/home/ejanssens:/bin/bash
  wels:x:10019:513:wels:/data/home/wels:/usr/bin/mysecureshell
  jsanctorum2:x:10020:513:Jonathan Sanctorum:/data/home/jsanctorum2:/bin/bash
  ugent:x:10022:513:universiteit gent:/data/home/ugent:/usr/bin/mysecureshell
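
In the getent passwd output above, root and nobody appear twice: once from the local files and once from the directory. With "passwd: compat ldap" the first source listed answers a lookup by name, so those directory copies are shadowed, but a directory entry under a new name that reuses UID 0 or a local UID is not. The following script is an added example, not part of the original page, that flags both cases; the function names audit_passwd and sample_passwd and the sample accounts alice, bob, ops and localadmin are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit passwd-format input,
# such as the output of `getent passwd`, after LDAP is merged into NSS.

# Constructed sample: local entries first, then directory entries, the order
# `getent passwd` uses with "passwd: compat ldap". alice, bob, ops and
# localadmin are made-up accounts.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
localadmin:x:1001:1001::/home/localadmin:/bin/bash
root:x:0:0:Netbios Domain Administrator:/data/home/root:/bin/false
nobody:x:65534:514:nobody:/nonexistent:/bin/false
alice:x:10017:513:Example User:/data/home/alice:/bin/bash
ops:x:0:513:Example UID 0 alias:/data/home/ops:/bin/bash
bob:x:1001:513:Example User:/data/home/bob:/bin/bash
EOF
}

# Reads passwd lines on stdin and prints one finding per line:
#   DUP_NAME    a later entry repeats a login name (the first entry wins)
#   EXTRA_UID0  a different login name also maps to UID 0
#   DUP_UID     a different login name reuses a non-zero UID
#   MALFORMED   a line that does not have exactly 7 colon-separated fields
audit_passwd() {
    awk -F: '
        NF != 7 { print "MALFORMED line=" NR; next }
        {
            name = $1; uid = $3
            if (name in first_uid) {
                print "DUP_NAME " name " first_uid=" first_uid[name] " later_uid=" uid
                next
            }
            first_uid[name] = uid
            if (uid in owner) {
                tag = (uid == "0") ? "EXTRA_UID0" : "DUP_UID"
                print tag " " name " uid=" uid " also=" owner[uid]
            } else {
                owner[uid] = name
            }
        }'
}

# On a configured client: getent passwd | audit_passwd
sample_passwd | audit_passwd
```
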