How to Configure LDAP Server and Client on Linux Mint

OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP), a protocol for centralized directory access on Linux. You can configure an LDAP server and client on Linux Mint so that system administrators can manage users in one centralized directory.

Configure LDAP Server and Client on Linux Mint

In the Microsoft environment, Active Directory authenticates desktops against a centralized directory held on the server. This is very useful when we want to manage multiple users and allow them to log in on any system without having an account on the local machine. In Linux, however, there is no concept of Active Directory.

Instead, we use OpenLDAP (an implementation of the LDAP protocol) to manage users on the server, and configure it so that desktop machines authenticate against the server.

In this tutorial, we will cover how to configure the LDAP server and client on the Linux Mint machines. The tutorial is suitable for those configuring the LDAP from scratch. 

What You’ll Need

In this tutorial, we are configuring both the LDAP Server and Client on Linux Mint machines. Furthermore, all the necessary configurations will be performed with the sudo privilege.

Configure LDAP Server on Linux Mint

1. Set Up Hostname for the Server

Before starting with the installation, it is crucial to set the server's hostname. For this step, use the hostnamectl command. For example:

sudo hostnamectl set-hostname example.example.com

Secondly, add the IP address and FQDN to the hosts file located at /etc/hosts. Edit the file using the vim or nano editor. For example:

sudo vim /etc/hosts
IP_Address example.example.com

Replace example.example.com and IP_Address with the correct hostname and IP address.

2. Install LDAP Server on Linux Mint

After configuring the hosts file, the next step is to install the OpenLDAP server. To install the packages, use apt install followed by the package names. Make sure to refresh the package index first.

sudo apt update
sudo apt -y install slapd ldap-utils 

The process will ask you to set up the password for the LDAP administrator. 


Provide your desired password and hit the “Enter” key to continue with the installation. 

3. Start the LDAP Service

OpenLDAP configuration involves the slapd and slurpd daemons. The slapd and slurpd daemons are UNIX daemons responsible for providing directory and replication services on any number of ports. In this tutorial, we are covering the configuration of the server without replication; hence, we will focus on the slapd daemon only.

Now, start the installed service with systemctl start. Secondly, enable it so it comes up at boot, and then check its status with systemctl status. For example:

sudo systemctl start slapd
sudo systemctl enable slapd
systemctl status slapd

4. Configure the Firewall

Additionally, update the firewall settings to allow the LDAP server daemon. For this step, use the allow command with the ufw firewall. For example:

sudo ufw allow ldap

5. Configure LDAP on Linux Mint to Add the Base DN for Users

In this step, we will create a file that adds the base DNs for the users and groups that will be accessing our server. To create the file, you can use the vim or nano command. For example:

sudo vim basedn.ldif

Next, add the following entries to the file and save it. Make sure to replace "example" and "com" with the components of your own domain name.

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

You can add the following entry for the group:

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

After that, load the entries from the file we created above into the directory, binding as the LDAP administrator. For example:

sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f basedn.ldif

6. Add User Accounts and Groups

In this step, we will first generate the password hash for the user account. For example:

sudo slappasswd

Secondly, we will create one file for users and one for groups. For users, create that file using the nano or vim command. For example:

vim ldapusers.ldif

Thirdly, add the user information to the file. Make sure to use your own username, domain name, home directory path, and the password hash printed by slappasswd in this step.

dn: uid=ldap,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
# the RDN attribute (uid) must also appear in the entry or slapd rejects it
uid: ldap
cn: ldap
sn: Wiz
# value produced by slappasswd in the previous step
userPassword: {SSHA}Zn4/E5f+Ork7WZF/alrpMuHHGufC3x0k
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/ldap

After that, load the file into the directory.

ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapusers.ldif 

Similarly, you can create a file for group accounts by following the same steps. 

Finally, you have configured the LDAP Server on Linux. 
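As an added example that is not part of the original article, the POSIX shell functions below build the user entry from step 6 and check it before it is handed to ldapadd. They assume the base DN dc=example,dc=com and a {SSHA} hash from slappasswd, as in the article; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original article): build a user LDIF for the
# ou=people subtree and sanity-check it before loading it with ldapadd.
# Assumption: the base DN is dc=example,dc=com as used in the article.

BASE_DN="dc=example,dc=com"

# make_user_ldif USERNAME SURNAME UIDNUMBER GIDNUMBER HASH
# Prints the LDIF entry to stdout. The uid attribute is written explicitly:
# slapd rejects an entry whose RDN attribute (uid=...) is absent from it.
make_user_ldif() {
    user=$1; surname=$2; uidnum=$3; gidnum=$4; hash=$5
    printf 'dn: uid=%s,ou=people,%s\n' "$user" "$BASE_DN"
    printf 'objectClass: inetOrgPerson\n'
    printf 'objectClass: posixAccount\n'
    printf 'objectClass: shadowAccount\n'
    printf 'uid: %s\n' "$user"
    printf 'cn: %s\n' "$user"
    printf 'sn: %s\n' "$surname"
    printf 'userPassword: %s\n' "$hash"
    printf 'loginShell: /bin/bash\n'
    printf 'uidNumber: %s\n' "$uidnum"
    printf 'gidNumber: %s\n' "$gidnum"
    printf 'homeDirectory: /home/%s\n' "$user"
}

# check_user_ldif FILE -> returns 0 only if the entry is safe to load
check_user_ldif() {
    f=$1
    # the password must be a slappasswd hash, never a cleartext value
    grep -q '^userPassword: {SSHA}' "$f" || { echo "cleartext or missing password"; return 1; }
    # numeric ids of 1000 or more keep clear of system accounts on the clients
    uidnum=$(sed -n 's/^uidNumber: //p' "$f")
    case $uidnum in ''|*[!0-9]*) echo "bad uidNumber"; return 1;; esac
    [ "$uidnum" -ge 1000 ] || { echo "uidNumber is in the system range"; return 1; }
    # the RDN value and the uid attribute must agree
    rdn=$(sed -n 's/^dn: uid=\([^,]*\),.*/\1/p' "$f")
    grep -q "^uid: $rdn\$" "$f" || { echo "uid attribute does not match dn"; return 1; }
    return 0
}

# usage on the server:
#   make_user_ldif ldap Wiz 2000 2000 "$(slappasswd)" > ldapusers.ldif
#   check_user_ldif ldapusers.ldif && \
#     ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapusers.ldif
```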

Install and Configure LDAP Client on Linux Mint

LDAP servers provide account information to the LDAP clients, so no separate account needs to be created on each client. When a new user is added, you simply create another user entry on the server, as in step 6 above.

1. Install LDAP Client on Linux Mint

In this step, we will install and configure the LDAP client on Linux to access the LDAP server. Firstly, add the LDAP server's address to the /etc/hosts file. Edit the file using vim or the nano editor. For example:

sudo vim /etc/hosts

Add the following content:

IP_ADDRESS YOUR_DOMAIN_NAME

Make sure to save the file before exiting the editor.

Secondly, install the LDAP client utilities on your system using the install command.

For example:

sudo apt -y install libnss-ldap libpam-ldap ldap-utils

You will be asked to configure various settings. Here is a summary of the settings you should choose.

  • LDAP URI – Add your LDAP server's IP address or hostname. For example: ldap://ldap.example.com
  • Distinguished name of the search base – For example: dc=example,dc=com
  • LDAP version – 3
  • Make local root Database admin – Yes
  • Does the LDAP database require login? – No
  • LDAP account for root – For example: cn=admin,dc=example,dc=com
  • LDAP root account password – Enter your LDAP administrator password

2. Add Configuration Files

Next, add ldap to the following lines in the /etc/nsswitch.conf file. You can access the file using the nano or vim editor.

For example:

passwd: compat systemd ldap
group: compat systemd ldap
shadow: compat

Next, edit the /etc/pam.d/common-password file and remove use_authtok from the pam_ldap.so line. After the edit, the line should look like this:

password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass

After that, edit the /etc/pam.d/common-session file and enable the creation of the home directory by adding the following settings:

session optional pam_mkhomedir.so skel=/etc/skel umask=077

Finally, you have configured the OpenLDAP client on Linux. 
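As an added example that is not part of the original article, the POSIX shell function below audits the client-side files edited in steps 1 and 2 so that a mistake is caught before the reboot. It assumes the libnss-ldap settings chosen during installation are stored in /etc/ldap.conf (uri and base lines); the function name and argument order are my own.

```shell
#!/bin/sh
# Added example (not from the original article): audit the client files
# edited in steps 1-2 before rebooting. Assumption: the installer wrote the
# LDAP URI and search base to /etc/ldap.conf as "uri" and "base" lines.

# audit_ldap_client [LDAP_CONF] [NSSWITCH] [COMMON_PASSWORD] [COMMON_SESSION]
# Returns 0 when every check passes; prints one line per failed check.
audit_ldap_client() {
    ldapconf=${1:-/etc/ldap.conf}
    nss=${2:-/etc/nsswitch.conf}
    pw=${3:-/etc/pam.d/common-password}
    sess=${4:-/etc/pam.d/common-session}
    rc=0

    # The URI must be ldap:// or ldaps://; ldapi:/// is the local Unix
    # socket and would never reach the server.
    grep -Eq '^(uri|URI)[[:space:]]+ldaps?://' "$ldapconf" \
        || { echo "ldap.conf: uri must be ldap:// or ldaps://"; rc=1; }
    grep -Eq '^(base|BASE)[[:space:]]+dc=' "$ldapconf" \
        || { echo "ldap.conf: search base (dc=...) not set"; rc=1; }

    # NSS must consult LDAP for passwd and group lookups (step 2).
    for db in passwd group; do
        grep -Eq "^$db:.*[[:space:]]ldap([[:space:]]|\$)" "$nss" \
            || { echo "nsswitch.conf: $db does not include ldap"; rc=1; }
    done

    # common-password: pam_ldap line present and use_authtok removed.
    grep -q 'pam_ldap.so' "$pw" \
        || { echo "common-password: pam_ldap.so line missing"; rc=1; }
    grep 'pam_ldap.so' "$pw" | grep -q 'use_authtok' \
        && { echo "common-password: remove use_authtok from pam_ldap line"; rc=1; }

    # common-session: home directories created with a restrictive umask.
    grep -Eq '^session.*pam_mkhomedir\.so.*umask=0?77' "$sess" \
        || { echo "common-session: pam_mkhomedir with umask=077 missing"; rc=1; }
    return $rc
}

# usage on the client: run with no arguments to audit the real files
#   audit_ldap_client && echo "client configuration looks consistent"
```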

Now, reboot the client machine. After that, try to log in on the client with the user you just created on the server. It should authenticate and log in. Similarly, you can configure your other clients to access the OpenLDAP server.

In this article, we have covered how to configure the LDAP server and client on Linux Mint machines. LDAP can also be used to authenticate users coming from web applications. The tutorial has covered configuring LDAP on Linux Mint only. Furthermore, you can configure your LDAP server with SSL/TLS to add a layer of security to your directory services. For more details, check out the official OpenLDAP documentation.
