Up until now all of my Linux authentication has been local, file-based auth. I've added LDAP to services and applications, but logging into a Linux box has always used local users.
Setting up LDAP as the PAM authenticator on Debian Buster came down to the following steps.
$ sudo apt install libnss-ldapd libpam-ldap ldap-utils
The debconf prompts then ask for the details of your LDAP setup, such as:
LDAP URI: ldap://ldap.domain.tld/
Search Base: dc=domain,dc=tld
DN and password of the Admin account if required: cn=admin,ou=People,dc=domain,dc=tld
Two things worth knowing here: the two packages keep separate configs, libnss-ldapd writes to /etc/nslcd.conf and libpam-ldap to /etc/pam_ldap.conf, so if user lookups work but logins don't (or the reverse), check both files, and dpkg-reconfigure either package to redo the prompts. Also, a plain ldap:// URI sends bind passwords and password hashes over the network in the clear; use ldaps:// or STARTTLS (ssl start_tls in nslcd.conf) against a server with a trusted certificate.
Now you need to modify some configuration files.
Edit /etc/nsswitch.conf to add ldap to the passwd, group and shadow databases. We're also going to use LDAP for sudo rules, so a sudoers line goes in as well; note that this only works with the sudo-ldap package (sudo built with LDAP support) in place of plain sudo, and nslcd must be told where the sudoers entries live.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
sudoers: files ldap
In /etc/pam.d/common-password, remove use_authtok from any line in the file so that password changes work for LDAP-only users.
In /etc/pam.d/common-session, add the following line so a home directory is created on first login:
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Keep in mind that pam-auth-update(8) manages the block between the "Primary" and "end of pam-auth-update config" markers in the common-* files and can overwrite manual edits there; put your own lines outside that block, or use the mkhomedir and ldap profiles it ships.
Restart the daemon that actually serves the lookups after changing any of the above files. With libnss-ldapd that is nslcd, not nscd; nscd is an optional cache and only needs a restart if it is installed.
$ sudo systemctl restart nslcd
$ sudo systemctl restart nscd
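The edits above are easy to get wrong by hand (a duplicated ldap entry, a second pam_mkhomedir line, a missed use_authtok), so here is the whole procedure as a script. This is an added example, not code from the original post: the helper names, the demo's sample config lines and the LDAP_TEST_USER variable are my own. With no argument it runs against constructed copies in a temp directory, so it can be tried without root; "apply" runs the same functions on the real files, backs them up first, restarts nslcd (and nscd if present) and checks that an LDAP-only account resolves through getent.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): idempotent helpers for the
# nsswitch.conf and PAM edits described above, plus an "apply" mode that runs
# them on the real files and restarts nslcd. Default mode is a demo on
# constructed copies in a temp dir, so it runs without root.
set -euo pipefail

# Replace FILE's content with stdin via cat, so mode and owner are preserved.
rewrite_in_place() {            # usage: producer | rewrite_in_place FILE
    local file=$1 tmp
    tmp=$(mktemp)
    cat > "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Append "ldap" to passwd/group/shadow, and to sudoers (adding the line if
# absent). Running it twice leaves the file unchanged.
ensure_nss_ldap() {
    local file=$1
    awk '
        function add_ldap(   i) {
            for (i = 2; i <= NF; i++) if ($i == "ldap") return
            $0 = $0 " ldap"
        }
        $1 == "passwd:" || $1 == "group:" || $1 == "shadow:" { add_ldap() }
        $1 == "sudoers:" { seen_sudoers = 1; add_ldap() }
        { print }
        END { if (!seen_sudoers) print "sudoers: files ldap" }
    ' "$file" | rewrite_in_place "$file"
}

# Drop use_authtok wherever it appears on a line.
strip_use_authtok() {
    local file=$1
    sed -E 's/[[:space:]]+use_authtok([[:space:]]|$)/\1/g' "$file" | rewrite_in_place "$file"
}

# Add the pam_mkhomedir line exactly once.
add_mkhomedir() {
    local file=$1
    grep -q 'pam_mkhomedir\.so' "$file" ||
        printf 'session optional pam_mkhomedir.so skel=/etc/skel umask=077\n' >> "$file"
}

demo() {
    local dir f
    dir=$(mktemp -d)
    # Constructed sample inputs resembling the Buster defaults (not real files).
    printf 'passwd:         compat\ngroup:          compat\nshadow:         compat\nhosts:          files dns\n' > "$dir/nsswitch.conf"
    printf 'password\t[success=1 default=ignore]\tpam_unix.so obscure use_authtok sha512\npassword\trequisite\t\t\tpam_deny.so\n' > "$dir/common-password"
    printf 'session\trequired\tpam_unix.so\n' > "$dir/common-session"
    ensure_nss_ldap "$dir/nsswitch.conf"; ensure_nss_ldap "$dir/nsswitch.conf"   # second run is a no-op
    strip_use_authtok "$dir/common-password"
    add_mkhomedir "$dir/common-session"; add_mkhomedir "$dir/common-session"
    for f in nsswitch.conf common-password common-session; do
        echo "== $f"; cat "$dir/$f"
    done
    rm -rf "$dir"
}

apply() {                       # run as root on the real system
    local f
    for f in /etc/nsswitch.conf /etc/pam.d/common-password /etc/pam.d/common-session; do
        cp -p "$f" "$f.bak.$(date +%Y%m%d%H%M%S)"
    done
    ensure_nss_ldap /etc/nsswitch.conf
    strip_use_authtok /etc/pam.d/common-password
    add_mkhomedir /etc/pam.d/common-session
    systemctl restart nslcd
    if systemctl is-active --quiet nscd; then systemctl restart nscd; fi
    # Check: an account that exists only in LDAP must now resolve through NSS.
    getent passwd "${LDAP_TEST_USER:?set LDAP_TEST_USER to an LDAP-only account}"
}

case "${1:-demo}" in
    demo)  demo ;;
    apply) apply ;;
    *)     echo "usage: $0 [demo|apply]" >&2; exit 2 ;;
esac
```

Run it as `LDAP_TEST_USER=jdoe sudo -E ./ldap-pam.sh apply` once nslcd.conf is in place; if getent prints the user but a login still fails, the problem is on the PAM side (pam_ldap.conf or the common-* files), and if getent prints nothing, it is nslcd or nsswitch.conf. The use_authtok removal is applied to the whole of common-password rather than one module line, which matches the instruction above; review the backup diff before trusting the box for logins.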