LDAP based user login

Configure your second VM (the one without LDAP Server) to allow for user login purely based on LDAP.

  • Activation of OS-level LDAP user and group support is outlined in Configuring LDAP Authentication.

  • Follow the «newer» PAM setup with the libpam-ldapd approach rather than the older libpam-ldap package.

  • The first step allows you to view user metadata on the client side:

    $ id ldaptest
    uid=1001(ldaptest) gid=1001(ldaptest) groups=1001(ldaptest)

    An "id: ‘ldaptest’: no such user" message indicates that your LDAP setup does not work yet.


    • /etc/nsswitch.conf should contain:

      passwd:         files ldap
      group:          files ldap
      shadow:         files ldap

      What does this mean?

    • Shut down your nscd daemon. Why?

    • After changing your configuration, a reboot might be required.

    • On the LDAP server side, enable an appropriate logging level for debugging connection attempts. You may want to select conns, config and stats.

  • Create the required user home directory manually and change its owner and group accordingly.


LDAP user information (uid, common name, numerical id, group information, ...) will reside on your LDAP server rather than locally in /etc/passwd, /etc/group and /etc/shadow.
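The steps above, collected into a small client-side check script. This is an added example and not part of the original exercise; it assumes libpam-ldapd/nslcd is already configured on the client VM, and the script name ldap-client-check.sh and the user name ldaptest are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original exercise: check the client's
# name-service setup and create the home directory the exercise asks for.
# Assumes libpam-ldapd/nslcd is already configured on the client VM.

# check_nsswitch FILE: return 0 when the passwd, group and shadow lines in
# FILE all list "ldap" as a source, 1 otherwise (reporting what is missing).
check_nsswitch() {
    file="$1"; rc=0
    for db in passwd group shadow; do
        if ! grep -Eq "^${db}:.*[[:space:]]ldap([[:space:]]|$)" "$file"; then
            echo "nsswitch: ${db} lookups do not include ldap" >&2
            rc=1
        fi
    done
    return $rc
}

# passwd_fields LINE: print "uid gid home" from a passwd(5)-formatted line,
# such as the output of `getent passwd ldaptest` once LDAP lookups work.
passwd_fields() {
    printf '%s\n' "$1" | {
        IFS=: read -r name pw uid gid gecos home shell
        printf '%s %s %s\n' "$uid" "$gid" "$home"
    }
}

# ensure_home DIR UID GID: create the home directory that does not exist on
# the client yet and hand it to the numeric uid/gid served by LDAP (as root).
ensure_home() {
    mkdir -p "$1" && chown "$2:$3" "$1" && chmod 700 "$1"
}

# Driver: sh ldap-client-check.sh ldaptest   (run as root on the client VM)
if [ -n "$1" ]; then
    check_nsswitch /etc/nsswitch.conf || exit 1
    entry=$(getent passwd "$1") || { echo "'$1' is not resolvable via LDAP" >&2; exit 1; }
    fields=$(passwd_fields "$entry")
    uid=${fields%% *}; rest=${fields#* }
    ensure_home "${rest#* }" "$uid" "${rest%% *}"
fi
```

Run it after nsswitch.conf has been changed and nscd has been stopped; a failing getent lookup is the same condition as the "no such user" message from id above.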