Debian

How to Configure LDAP Client in Debian 10

LDAP is an acronym for Lightweight Directory Access Protocol. LDAP allows users to store the usernames and passwords of users in a single place. This place is then used by multiple services for validating the users claiming these services. To use a service, you always need to have a client-end program that can help you to access that service. This article shows you how to install and configure the LDAP client on your Debian 10 system.

Method of Configuring the LDAP Client in Debian 10

To configure the LDAP client on a Debian 10 machine, perform the following fifteen steps. The configurations may vary according to your unique requirements and usage of the LDAP client. The following steps will guide you through some of the more generic LDAP client configurations.

Step 1: Install LDAP Client and Required Packages

First, install the LDAP client and all the packages necessary for LDAP to work properly in Debian 10 by issuing the command below:

sudo apt install libnss-ldap libpam-ldap ldap-utils

As soon as this command starts its execution, you will be able to see an interactive prompt, in which you can perform the various LDAP configurations explained in the following steps.

Step 2: Configure URI for LDAP Server

Next, set up the URI for your LDAP server. The server format is also shown in the following image. Then, press the Enter key to proceed to the next configuration.

Step 3: Set Up Distinct Name for LDAP Search Base

Now, you will set up a distinct name for the LDAP search base. An example is shown in the image below. Then, press the Enter key to go to the next screen.

Step 4: Choose Desired LDAP Protocol Version

There are different LDAP protocol versions available to use; however, it is always recommended to use the latest available version, which, in this case, is version 3. After selecting this version, press the Enter key to confirm your choice, as shown in the following image:

Step 5: Select LDAP Account for Root

Now, specify an account that will be used as the LDAP root user account, after which you will press the Enter key.

Step 6: Set Up Password for LDAP Root Account

Once the LDAP root account has been selected, you will need to set up a password for this account. Type in a password of your choice and then press the Enter key to go to the next screen.

Step 7: Remove LDAP Entries from Configuration File

For the basic LDAP services to function properly, it is recommended to remove the default LDAP entries from the configuration file. This can be done simply by pressing the Enter key or the OK button in the prompt, as shown in the image below:

Step 8: Allow LDAP Admin Account to Behave Like Local Root

Now, allow the LDAP admin account to behave like a local root account by selecting the Yes option from the dialogue box, as shown in the following image:

Step 9: Disable Login for LDAP Database

You can disable the login for the LDAP database by selecting the No option from the dialogue box, as shown in the image below. This will remove the need for authentication at the time of retrieving the LDAP entries.

Step 10: Enter Name of LDAP Administrative Account

Now, enter the name of the LDAP root account that you set up earlier. After that, press the Enter key to continue.

Step 11: Enter Password for LDAP Root Account or Administrative Account

Finally, enter the password for the LDAP root account or administrative account that you set up in Step 6, then press the Enter key, as shown in the image below:

After doing this, the command that you executed in Step 1 will finish its execution while rendering the following messages in your Debian 10 terminal:

Step 12: Update PAM Configurations

Next, configure your Debian 10 system to use LDAP for authentication. To do so, update the PAM configurations by running the following command:

sudo pam-auth-update

This command will display a dialogue box on your screen from which you can select any desired profiles that you want to be enabled. It is recommended to go with the default profile. Then, to continue, press the Enter key.

Step 13: Allow Automatic Creation of User’s Home Directory

You can also choose to allow the automatic creation of the user’s Home directory. To do so, you will edit the Common Session PAM file. This file can be accessed by using the following command:

sudo nano /etc/pam.d/common-session

When this file opens with the nano editor, enter the following line of code at the end of this file:

session required pam_mkhomedir.so skel=/etc/skel umask=077

After adding this line, press Ctrl + X to save your file and exit the nano editor.

Step 14: Restart Name Service Cache Daemon (nscd)

Restart the name service cache daemon (nscd) so that it can read the new configurations. The ncsd can be restarted with the following command:

sudo systemctl restart nscd

Restarting this service will not display any messages in the terminal.

Step 15: Enable Name Service Cache Daemon (nscd)

Finally, re-enable the name service cache daemon (nscd) with the command below:

sudo systemctl enable nscd

This command will display the following messages in the terminal upon successful execution:

This step brings us to the end of the LDAP client configurations in a Debian 10 system.

Method of Removing LDAP Client from Debian 10

If you no longer feel like using the LDAP client for Debian 10, you can conveniently remove it, as well as its configuration files, with the command below:

sudo apt-get purge libnss-ldap libpam-ldap ldap-utils

When this process is completed, the terminal will show the following messages:

Finally, to remove any extra packages that were installed with the LDAP client, issue the following command:

sudo apt-get autoremove

This command will remove all the packages that are no longer needed after removing the LDAP client from Debian 10.

Conclusion

This article explained how to configure the LDAP client on a Debian 10 system. These configurations are extremely easy to perform and will not take more than 10 minutes to do. Finally, we also showed you how to uninstall the LDAP client from your Debian 10 machine.

About the author

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.