Use the following ppa

https://launchpad.net/~tmortensen/+archive/ppa

Full Install Instructions

Add the ppa and update apt

apt-get install python-software-properties
add-apt-repository ppa:tmortensen/ppa
apt-get update

Install libldap and nslcd

apt-get install ldap-utils nslcd

Setup your config files and you should be set.

/etc/nslcd.conf

/etc/ldap/ldap.conf

For nsswitch change the passwd,group,shadow lines from compat to
/etc/nsswitch.conf

passwd:         files ldap
group:          files ldap
shadow:         files ldap

By default when a user logs in without a home directory you will get an error. To have pam auto create homes on first login.

Edit these two files and add the following line to each:
/etc/pam.d/common-seesion
/etc/pam.d/common-session-noninteractive

session required pam_mkhomedir.so skel=/etc/skel umask=0022

You can restrict access by group using ssh.
/etc/ssh/sshd_config

AllowGroups LDAPGroupName localaccount

I am setting up rsyslog to send all of its logs to a remote log collection server where I will store them on disk.

Later I will talk about how I have used logstash to pull in these files once on the system.

I won’t bother posting the default lines almost all rsyslog config files will have.

I setup some basic udp collectors for legacy devices

Then load the relp module to provide more reliable tcp logging.  I am going to have mine communicate on tcp port 1088

$ModLoad imrelp
$InputRELPServerRun 1088

The other two custom options I have set are for preserving fqdn because I need the full name to differentiate devices in different cities.

$PreserveFQDN on

I also tun off the message reduction to allow the systems I plan to implements better count messages.

$RepeatedMsgReduction off

Now on the client side all I have to do is include the relp module again and forward all messages via *.*

$ModLoad omrelp
*.* :omrelp:remotesyslog.example.org:1088;RSYSLOG_ForwardFormat

I am also using the RSYSLOG_ForwardFormat to preserve the severity and priority when the message is sent.