Difference between revisions of "LDAP Client Setup"

From SingletonMillerWiki
m
m (LDAP users)
Line 49: Line 49:
 
</pre>
 
</pre>
 
Here I have 3 LDAP users 'raspberrypi', 'jack' & 'jill'.
 
Here I have 3 LDAP users 'raspberrypi', 'jack' & 'jill'.
 +
 +
=== Search ===
 +
<pre>
 +
sudo ldapsearch -x -b 'dc=WORKGROUP,dc=local' '(objectclass=*)'
 +
</pre>
 +
 +
=== su ==
 +
To test log in with an LDAP user. Use "su - <LDAPUSER>".
 +
<pre>
 +
sudo su - <LDAPUSER>
 +
</pre>
  
 
=== LDAP Login ===
 
=== LDAP Login ===
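
Review bot: the added command "sudo su - <LDAPUSER>" does not test an LDAP login as the new "su" section says, because su started by root does not ask for the target user's password; it only shows that the account resolves and a session opens. Run "su - <LDAPUSER>" from an unprivileged account, as the sentence above the command already words it, so the password is actually checked against the LDAP server. The heading "=== su ==" also opens with three equals signs and closes with two, unlike "=== Search ===" above it, so it will not render as a heading; close it with "===".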

Revision as of 04:41, 8 June 2013


This HowTo provides the steps needed to get your users to authenticate against an existing LDAP database. It will allow any existing LDAP user to log in to the Raspberry Pi without any need to create the user locally. My primary use for this is to provide an easy mechanism for the user to access his / her network shares.

What is LDAP

LDAP [1] is one method by which a user can authenticate against a central record. Often this is done for the purposes of accessing user-specific data shares or services.

Client Setup

Recent changes to the LDAP client packages have greatly simplified the installation and set-up of LDAP. You can use a Raspberry Pi as the LDAP server; an excellent example of how to do this can be found at [2].

Preparation

The following information is required to access your LDAP server.

  1. LDAP host name or IP address, example 192.168.0.123
  2. base DN, example dc=MYWORKGROUP,dc=local

sudo apt-get update
sudo apt-get install libpam-ldapd libnss-ldapd

This will install the packages and dependencies needed and spawn an LDAP configuration wizard asking for the LDAP address and base DN. Lastly, the wizard will ask for the services which you wish to access. These depend on your LDAP configuration, but it's not unreasonable to select everything.

User Home

When logging in with a user not already installed on the RPi, it is necessary to create a folder in /home for the user. Append "session required pam_mkhomedir.so umask=0022 skel=/etc/skel" to the file /etc/pam.d/common-session, using the following. The line is piped through sudo tee -a because a ">>" redirection after sudo echo is performed by the calling, unprivileged shell and fails with a permission error.

echo "session required pam_mkhomedir.so umask=0022 skel=/etc/skel" | sudo tee -a /etc/pam.d/common-session
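
The two configuration steps above can be applied and checked repeatably. The following is an added example, not part of the original HowTo: the function names are hypothetical, /etc/nsswitch.conf is assumed to be the file where the package wizard records the selected services, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: repeatable checks for the LDAP client setup.
# File paths are arguments so the functions can be tried on copies first.

MKHOMEDIR_LINE='session required pam_mkhomedir.so umask=0022 skel=/etc/skel'
# umask=0022 creates world-readable homes; umask=0077 keeps them private.

# Succeeds if FILE has an active (uncommented) session line for pam_mkhomedir.
has_mkhomedir() {
    grep -Eq '^[[:space:]]*session[[:space:]].*pam_mkhomedir\.so' "$1"
}

# Appends the HowTo's line only when it is missing, so repeating the step
# does not stack duplicate PAM entries. Prints "added" or "present".
ensure_mkhomedir() {
    if has_mkhomedir "$1"; then
        echo present
    else
        printf '%s\n' "$MKHOMEDIR_LINE" >> "$1"
        echo added
    fi
}

# Succeeds if database DB (passwd, group, shadow) in nsswitch file FILE
# lists "ldap" as a source; text after a "#" on the line is ignored.
nss_uses_ldap() {
    awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) {
                       if ($i ~ /^#/) break
                       if ($i == "ldap") found = 1 } }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf '%s\n' 'session required pam_unix.so' > "$demo/common-session"
printf '%s\n' 'passwd: compat ldap' 'group: compat  # ldap' > "$demo/nsswitch.conf"
ensure_mkhomedir "$demo/common-session"   # first call appends the line
ensure_mkhomedir "$demo/common-session"   # second call leaves the file alone
nss_uses_ldap "$demo/nsswitch.conf" passwd && echo "passwd: ldap enabled"
nss_uses_ldap "$demo/nsswitch.conf" group  || echo "group: ldap missing"
rm -rf "$demo"
```

Against the real files, call the functions as root with /etc/pam.d/common-session and /etc/nsswitch.conf as the file arguments.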

Testing

LDAP users

Type the following command to show the last 5 users on the Pi; your LDAP users should be at the end of the list.

sudo getent passwd | tail -n 5
lightdm:x:106:109:Light Display Manager:/var/lib/lightdm:/bin/false
nslcd:x:107:110:nslcd name service LDAP connection daemon,,,:/var/run/nslcd/:/bin/false
raspberrypi:x:1000000:1000000:temporary pi user:/home/raspberrypi:
jack:x:1000001:1000000:jack:/home/jack:
jill:x:1000002:1000000:jill:/home/jill:

Here I have 3 LDAP users 'raspberrypi', 'jack' & 'jill'.

Search

sudo ldapsearch -x -b 'dc=WORKGROUP,dc=local' '(objectclass=*)'

su

To test logging in as an LDAP user, use "su - <LDAPUSER>".

sudo su - <LDAPUSER>

LDAP Login

With LDAP configured, it should now be possible to log in to the Pi as any LDAP user, and the Pi will authenticate that user against the LDAP server. This can be via the normal login prompt or via SSH if you have enabled it on the Pi.

Optional Activities

Automatically mount network shares for the LDAP user: see Accessing_Network_Shares#Autofs_for_LDAP

Further Reading

http://ldapman.org/articles/intro_to_ldap.html

References

  1. http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
  2. http://ducky-pond.com/posts/11