This is a guide on how to configure Ubuntu 22.04, 20.04, 18.04 or 16.04 LTS servers to authenticate against an LDAP directory server. LDAP is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services.
I expect you already have a running LDAP server; if not, use our guides below to set it up:
Once you have the LDAP server configured and user accounts added, you can proceed to install and configure the LDAP client.
Install and Configure LDAP Client
Add the LDAP server address to the /etc/hosts file if you don't have an active DNS server in your network.
$ sudo vim /etc/hosts
192.168.18.50 ldap.example.com
Install LDAP client utilities on your Ubuntu system:
sudo apt -y install libnss-ldap libpam-ldap ldap-utils
Begin configuring the settings to look like below:
1. Set the LDAP URI: this can be an IP address or hostname
2. Set the distinguished name of the search base
3. Select LDAP version 3
4. Select Yes for "Make local root Database admin"
5. Answer No for "Does the LDAP database require login?"
6. Set the LDAP account for root, something like cn=admin,dc=example,dc=com
7. Provide the LDAP root account password
After the installation, edit /etc/nsswitch.conf and add the ldap source to the passwd and group lines:
passwd: compat systemd ldap
group: compat systemd ldap
shadow: compat
Modify the file /etc/pam.d/common-password. Remove use_authtok from the pam_ldap.so line (line 26) so that it looks like below:
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
Enable creation of the home directory on first login by adding the following line to the end of the file /etc/pam.d/common-session:
session optional pam_mkhomedir.so skel=/etc/skel umask=077
Test by switching to a user account that exists on the LDAP server:
root@server1:~# sudo su - jmutai
Creating directory '/home/jmutai'.
jmutai@server1:~$ id
uid=10000(jmutai) gid=10000(sysadmins) groups=10000(sysadmins)
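An added check that is not part of the original guide: it audits the three files edited above (nsswitch.conf, common-password, common-session) for the exact settings the guide asks for, so a misconfiguration such as a leftover use_authtok or a missing ldap source is caught before anyone tests with su. The function names are my own, and the sample files it builds are constructed copies of the guide's expected contents, not a live host's configuration.

```shell
#!/bin/sh
# Added example, not from the original guide: verify that nsswitch.conf and the
# two PAM files carry the settings the guide asks for. File paths are arguments,
# so the checks run on constructed sample files as well as the live /etc copies.

# 0 when both passwd and group lookups include the ldap source.
nss_has_ldap() {  # $1 = nsswitch.conf
    grep -Eq '^passwd:.*[[:space:]]ldap([[:space:]]|$)' "$1" \
        && grep -Eq '^group:.*[[:space:]]ldap([[:space:]]|$)' "$1"
}

# 0 when the pam_ldap.so password line uses try_first_pass and use_authtok was removed.
pam_password_ok() {  # $1 = common-password
    grep -Eq '^password.*pam_ldap\.so.*try_first_pass' "$1" \
        && ! grep -Eq '^password.*pam_ldap\.so.*use_authtok' "$1"
}

# 0 when pam_mkhomedir creates home directories with the restrictive umask=077.
pam_mkhomedir_ok() {  # $1 = common-session
    grep -Eq '^session[[:space:]]+optional[[:space:]]+pam_mkhomedir\.so.*umask=077' "$1"
}

# Run every check and print one line each; non-zero exit if any setting is missing.
audit_ldap_client() {  # $1 nsswitch.conf  $2 common-password  $3 common-session
    rc=0
    if nss_has_ldap "$1"; then echo "ok   passwd/group use ldap"; else echo "FAIL nsswitch.conf"; rc=1; fi
    if pam_password_ok "$2"; then echo "ok   pam_ldap without use_authtok"; else echo "FAIL common-password"; rc=1; fi
    if pam_mkhomedir_ok "$3"; then echo "ok   pam_mkhomedir umask=077"; else echo "FAIL common-session"; rc=1; fi
    return "$rc"
}

# Constructed sample files reproducing the guide's expected contents (not a real host's).
make_samples() {
    d=$(mktemp -d)
    printf 'passwd: compat systemd ldap\ngroup: compat systemd ldap\nshadow: compat\n' > "$d/nsswitch.conf"
    printf 'password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass\n' > "$d/common-password"
    printf 'session optional pam_mkhomedir.so skel=/etc/skel umask=077\n' > "$d/common-session"
    echo "$d"
}

# On a configured client run:
# audit_ldap_client /etc/nsswitch.conf /etc/pam.d/common-password /etc/pam.d/common-session
```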
That's all. If you need an advanced centralized user management platform, see
I have followed all the steps to install OpenLDAP, LAM, and the configuration on the client, but I get an issue when I test by switching to a user account on LDAP: "su: user does not exist". I run the command "ldapsearch -x" and all users on the LDAP server appear.
OpenLDAP (Ubuntu 18.04)
LDAP Client (Ubuntu 20.04)
I have found that 'libnss-ldap' causes boot to be really slow. 'libnss-ldapd' (note the 'd' at the end) seems to be better.
https://askubuntu.com/questions/458400/ldap-client-causes-boot-to-be-very-slow-on-13-10-causes-hang-on-14-04#comment-1121079
https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1024475
thank you for the feedback it works for me
One of the best articles with all the information thanks for sharing it with us…
Welcome.
Can someone help me
I'm new to Linux, so I followed the above steps to set up the LDAP client and everything is working fine, but I am having an issue logging in as an LDAP user.
for example
if I do sudo su - // it works fine
but if I try su - // I get "Authentication failure" when I type the password
and if I try to restart the machine and log in as the user I get // sorry, password authentication didn't work
I believe the issue is happening in /etc/pam.d/common-account or /etc/pam.d/common-auth
Has anyone experienced this issue before?
I got it to work I installed libpam-ldapd instead of libpam-ldap and I didn’t remove the use_authtok from /etc/pam.d/common-password.
great article my friend 😆
Great tutorial.
I plan to use ldap authentication only and MS AD as database with mostly for Linux clients and users.
I wanted to integrate the ldap server (Linux) with the Active Directory and synchronize users and groups.
Please, I need your help with this.