LDAP Client Setup
This HowTo provides the steps needed to get your user to authenticate against an existing LDAP database. It will allow any existing LDAP user to log in to the Raspberry Pi without any need to create the user. My primary use for this is to provide an easy mechanism for the user to access his / her network shares.
What is LDAP
LDAP [1] is one method by which a user can authenticate against a central record. Often this is done for the purposes of accessing user-specific data shares or services.
Client Setup
Recent changes to the LDAP client packages have greatly simplified the installation and set-up of LDAP. You can also use a Raspberry Pi as the LDAP server; an excellent example of how to do this can be found at [2].
Preparation
The following information is required to access your LDAP server.
- LDAP host name or IP address, example 192.168.0.123
- base DN, example dc=MYWORKGROUP,dc=local
sudo apt-get update
sudo apt-get install libpam-ldapd libnss-ldapd
This will install the packages and dependencies needed and spawn an LDAP configuration wizard asking for the LDAP address and base DN. Lastly, the wizard will ask for the services which you wish to access. These depend on your LDAP configuration, but it's not unreasonable to select everything.
User Home
When logging in with a user not already installed on the RPi, it is necessary to create a folder in /home for the user.
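Append the line "session required pam_mkhomedir.so umask=0022 skel=/etc/skel" to the file /etc/pam.d/common-session using the following command. The append has to be done by a process running as root, so the line is piped through sudo tee -a; with sudo echo ... >> the redirection is performed by your own unprivileged shell and fails.
echo "session required pam_mkhomedir.so umask=0022 skel=/etc/skel" | sudo tee -a /etc/pam.d/common-session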
Testing
LDAP users
Type the following command to show the last 5 users on the Pi. Your LDAP users should be at the end of the list.
sudo getent passwd | tail -n 5
lightdm:x:106:109:Light Display Manager:/var/lib/lightdm:/bin/false
nslcd:x:107:110:nslcd name service LDAP connection daemon,,,:/var/run/nslcd/:/bin/false
raspberrypi:x:1000000:1000000:temporary pi user:/home/raspberrypi:
jack:x:1000001:1000000:jack:/home/jack:
jill:x:1000002:1000000:jill:/home/jill:
Here I have 3 LDAP users 'raspberrypi', 'jack' & 'jill'.
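As an added example (not part of the original HowTo), the POSIX shell functions below check the two results this page relies on: which accounts come from LDAP rather than the local passwd file, and whether pam_mkhomedir is active in the session stack. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Real use on the Pi:
#   getent passwd > /tmp/nss.txt
#   ldap_only_users /tmp/nss.txt /etc/passwd
#   mkhomedir_enabled /etc/pam.d/common-session

# Print accounts found in saved `getent passwd` output ($1) but absent from
# the local passwd file ($2): these are the accounts supplied by LDAP.
ldap_only_users() {
    awk -F: '
        FILENAME == ARGV[1] { seen[$1] = 1; next }   # names defined locally
        !($1 in seen) {
            # passwd(5): an empty shell field means /bin/sh is used
            shell = ($7 == "") ? "/bin/sh" : $7
            printf "%s uid=%s home=%s shell=%s\n", $1, $3, $6, shell
        }
    ' "$2" "$1"
}

# Succeed only if an uncommented session line in PAM file $1 loads
# pam_mkhomedir.so, so that a first login creates the home directory.
mkhomedir_enabled() {
    grep -Eq '^[[:space:]]*session[[:space:]]+[^#]*pam_mkhomedir\.so' "$1"
}

# Demo on constructed data modelled on the getent output shown above.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/local" <<'EOF'
lightdm:x:106:109:Light Display Manager:/var/lib/lightdm:/bin/false
nslcd:x:107:110:nslcd name service LDAP connection daemon,,,:/var/run/nslcd/:/bin/false
EOF
    cat "$d/local" - > "$d/nss" <<'EOF'
raspberrypi:x:1000000:1000000:temporary pi user:/home/raspberrypi:
jack:x:1000001:1000000:jack:/home/jack:
jill:x:1000002:1000000:jill:/home/jill:
EOF
    printf '%s\n' '# session optional pam_mkhomedir.so' \
        'session required pam_mkhomedir.so umask=0022 skel=/etc/skel' > "$d/pam"
    ldap_only_users "$d/nss" "$d/local"
    mkhomedir_enabled "$d/pam" && echo "pam_mkhomedir: enabled"
    rm -rf "$d"
}
demo
```

Every account listed by ldap_only_users can log in to the Pi without a local entry, so review the list against who is meant to have access.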
LDAP Login
With LDAP configured, it should now be possible to log in to the Pi as any LDAP user, and the Pi will authenticate that user against the LDAP server. This can be via the normal login prompt or via SSH if you have enabled it on the Pi.
Optional Activities
Automatically mount network shares for the LDAP user: see Accessing_Network_Shares#Autofs_for_LDAP