21 Apr

Ubuntu 12.04 Precise: ldap with a server that supports openssl not gnutls ?

If you need LDAP authentication but your LDAP server does not work with the GnuTLS-linked libldap and needs an OpenSSL-linked one instead, use the following PPA:

https://launchpad.net/~tmortensen/+archive/ppa

Full Install Instructions

Add the ppa and update apt

apt-get install python-software-properties
add-apt-repository ppa:tmortensen/ppa
apt-get update

Install libldap and nslcd

apt-get install ldap-utils nslcd

Set up your config files and you should be set:

/etc/nslcd.conf

/etc/ldap/ldap.conf

For nsswitch, change the passwd, group and shadow lines from compat to the following:
/etc/nsswitch.conf

passwd:         files ldap
group:          files ldap
shadow:         files ldap

By default, when a user logs in without a home directory you will get an error. To have PAM create home directories automatically on first login, edit these two files and add the following line to each:

/etc/pam.d/common-session
/etc/pam.d/common-session-noninteractive

session required pam_mkhomedir.so skel=/etc/skel umask=0022

You can also restrict SSH logins by group in sshd_config; the local group listed next to the LDAP group keeps local accounts able to log in if the LDAP server is unreachable.
/etc/ssh/sshd_config

AllowGroups LDAPGroupName localaccount
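As an added example (not part of the original post), a small POSIX shell script that checks the nsswitch, PAM and sshd settings described above on a copy of a system tree; the directory layout, the group name localaccount and the sample file contents are constructed for the demonstration:

```shell
# Added example, not from the original post: audit the files the post edits.
# Checks take a path so they run on a copy of the tree or the constructed
# samples below; assumes POSIX sh, awk and grep.
nss_uses_ldap() {  # succeed only if passwd, group and shadow read "files ldap"
    awk '/^[[:space:]]*#/ { next }
         $1 == "passwd:" || $1 == "group:" || $1 == "shadow:" {
             if ($2 == "files" && $3 == "ldap") seen[$1] = 1 }
         END { exit !(seen["passwd:"] && seen["group:"] && seen["shadow:"]) }' "$1"
}
pam_has_mkhomedir() {  # succeed if an uncommented session line loads pam_mkhomedir.so
    grep -Eq '^[[:space:]]*session[[:space:]].*pam_mkhomedir\.so' "$1"
}
# sshd_allows_group FILE GROUP: succeed if an AllowGroups line names GROUP. Keep
# a local admin group listed next to the LDAP group, as the post does, so an
# LDAP outage cannot lock every administrator out over SSH.
sshd_allows_group() {
    awk -v want="$2" 'tolower($1) == "allowgroups" {
                          for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
                      END { exit !found }' "$1"
}
report() {  # report LABEL CMD ARGS...: print ok/FAIL for one check, count failures
    label=$1; shift
    if "$@"; then echo "$label: ok"; else echo "$label: FAIL"; fails=$((fails + 1)); fi
}
# audit_dir ROOT LOCALGROUP: check the four files under ROOT (use / for the live
# system); the return value is the number of failed checks.
audit_dir() {
    fails=0
    report nsswitch.conf nss_uses_ldap "$1/etc/nsswitch.conf"
    report common-session pam_has_mkhomedir "$1/etc/pam.d/common-session"
    report common-session-noninteractive pam_has_mkhomedir "$1/etc/pam.d/common-session-noninteractive"
    report "sshd AllowGroups $2" sshd_allows_group "$1/etc/ssh/sshd_config" "$2"
    return $fails
}
# Constructed sample tree, not real system files; the noninteractive PAM file
# deliberately has the line commented out so that check is reported as FAIL.
sample=$(mktemp -d) && mkdir -p "$sample/etc/pam.d" "$sample/etc/ssh"
printf 'passwd:\tfiles ldap\ngroup:\tfiles ldap\nshadow:\tfiles ldap\n' > "$sample/etc/nsswitch.conf"
printf 'session required pam_mkhomedir.so skel=/etc/skel umask=0022\n' > "$sample/etc/pam.d/common-session"
printf '# session required pam_mkhomedir.so skel=/etc/skel umask=0022\n' > "$sample/etc/pam.d/common-session-noninteractive"
printf 'AllowGroups LDAPGroupName localaccount\n' > "$sample/etc/ssh/sshd_config"
audit_dir "$sample" localaccount || echo "$? check(s) failed"
rm -rf "$sample"
```

Run it as `sh audit.sh` to see the sample report, or call `audit_dir / localaccount` from it against the live system after the edits above.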