Ubuntu - LDAP Configuration

 

 

Documentation out of date, do not use!

 

 

Last update: January 21st, 2015

To see the old documentation, go here, here and here.

The following script installs and configures most of the LDAP authentication setup on Ubuntu (10.04 to 14.04).

Get the script

In a terminal, copy and paste the following line to get the script.

$ wget -O /tmp/ubuntu-ldap-configuration.sh https://wiki.epfl.ch/icit/documents/docs/ubuntu-ldap/ubuntu-ldap-configuration.sh

Execute the script

The following line changes the file's permissions so that it can be executed.

$ chmod +x /tmp/ubuntu-ldap-configuration.sh

Then, as the script needs root privileges, switch to the root user.

$ sudo su

Then, execute the script:

# /tmp/ubuntu-ldap-configuration.sh

Answer the questions

The script configures most of the process automatically, but some questions need to be answered.

LDAP

LDAP server URI:
ldap://scoldap.epfl.ch

LDAP search base:
o=epfl,c=ch
    

Name services to configure:
[ ] aliases
[ ] ethers
[*] group
[ ] hosts
[ ] netgroup
[ ] networks
[*] passwd
[ ] protocols
[ ] rpc
[ ] services
[*] shadow

Add a group or a user to the sudoers

When a group or a user is added to the sudoers, it can use sudo to administer the machine.

Groups

You need to search for a user (by name or username) who is inside the group you want to add.

Example

Would you like to add a group or a user to the sudoers ?
1) Yes
2) No
#? 1
1) Add a Group using the username
2) Add a User
3) Finished
#? 1
Search a user inside the LDAP (optional): Ludovic Delafontaine
Results:
ludelafo:*:146978:11194:Ludovic Delafontaine:/home/ludelafo:/bin/bash
Username: ludelafo
Element added.
1) Add a Group using the username
2) Add a User
3) Finished

The script automatically adds the group based on the username to the sudoers, so every member of this group will be able to use sudo.

User

It's exactly the same as before; just select "Add a User".

Authorize a group or a user to log in using ssh

This step allows groups or a specific user to log in to the machine using ssh (usually used for servers).

Would you like to add a group or a user to be able to log in using ssh ?
1) Yes
2) No
#? 1
1) Add a Group using the username
2) Add a User
3) Finished
#? 1
Search a user inside the LDAP (optional): Ludovic Delafontaine
Results:
ludelafo:*:146978:11194:Ludovic Delafontaine:/home/ludelafo:/bin/bash
Username: ludelafo
Element added.
1) Add a Group using the username
2) Add a User
3) Finished


The script adds the ID of the group (gid) to /etc/nslcd.conf.

User

It's exactly the same as before; just select "Add a User".

At the end

When the script is done, it will automatically reboot after 10 seconds.

Then, you can log in with your gaspar ID/Password!
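A post-install review of what the steps above granted (the sudoers group and the gid written to /etc/nslcd.conf), added here as an example and not part of the original script or page. The page does not show the lines the script writes, so the sample file contents below are constructed and the matching rules are assumptions.

```shell
#!/bin/sh
# Added example: review the access granted after the LDAP configuration.
# File contents in write_samples are constructed, not the script's real output.

# Print the primary gid (4th field) of a passwd(5) entry.
primary_gid() {
    printf '%s\n' "$1" | awk -F: 'NF >= 7 { print $4 }'
}

# Succeed if gid $1 appears as a whole number on a non-comment line of file $2.
gid_in_nslcd() {
    grep -v '^[[:space:]]*#' "$2" | grep -Eq "(^|[^0-9])$1([^0-9]|\$)"
}

# Print every group that has a rule (a line starting with %) in sudoers file $1.
sudo_groups() {
    awk '/^[ \t]*%/ { sub(/^%/, "", $1); print $1 }' "$1" | sort -u
}

# Succeed if nslcd.conf $1 uses an ldap:// URI and no "ssl" line enables TLS.
cleartext_uri() {
    grep -Eq '^[[:space:]]*uri[[:space:]]+ldap://' "$1" &&
        ! grep -Eq '^[[:space:]]*ssl[[:space:]]+(start_tls|on)' "$1"
}

# Write constructed sample files into directory $1.
write_samples() {
    cat > "$1/nslcd.conf" <<'EOF'
uri ldap://scoldap.epfl.ch
base o=epfl,c=ch
# constructed line: restrict logins to one gid
pam_authz_search (&(objectClass=posixAccount)(uid=$username)(gidNumber=11194))
EOF
    cat > "$1/sudoers" <<'EOF'
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%examplegroup ALL=(ALL) ALL
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
gid=$(primary_gid 'ludelafo:*:146978:11194:Ludovic Delafontaine:/home/ludelafo:/bin/bash')
echo "primary gid: $gid"
gid_in_nslcd "$gid" "$tmp/nslcd.conf" && echo "gid $gid is referenced in nslcd.conf"
echo "groups with sudo rules: $(sudo_groups "$tmp/sudoers" | tr '\n' ' ')"
cleartext_uri "$tmp/nslcd.conf" && echo "ldap:// without TLS: LDAP traffic is not encrypted"
rm -rf "$tmp"
```

On a configured machine, run the functions as root against /etc/nslcd.conf and /etc/sudoers, passing primary_gid the output of getent passwd for the username you entered.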

Add local users

If a specific user/task needs a local account, please see here: Ubuntu - Add local users with machines in LDAP

Problems with GUI-based applications

When using a GUI-based (Graphical User Interface) application, you may need root/sudo access to do something, or the application itself may need special rights (for example, to configure the printers).

Even if you are in the sudoers, it doesn't work.

You need a special program called 'gksu'. It allows you to launch a GUI-based application with sudo rights.

For more information, see here: 'sudo' command with GUI-based applications