You can support us by downloading this article as PDF from the Link below. Download the guide as PDF

This is a guide on how to configure an Ubuntu 20.04|18.04 & Ubuntu 16.04 LTS servers to authenticate against an LDAP directory server. LDAP is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services.

I expect you already have a running LDAP server, if not, use our guides below to set it up:

How to Install and configure OpenLDAP on Ubuntu LTS

Once you have LDAP server configured and user accounts added, you can proceed to install and configure LDAP client.

Install and Configure LDAP Client on Ubuntu 20.04|18.04 & Ubuntu 16.04 LTS

Add LDAP server address to /etc/hosts file if you don’t have an active DNS server in your network.

$ sudo vim /etc/hosts
192.168.18.50 ldap.example.com

Install LDAP client utilities on your Ubuntu system:

sudo apt -y install libnss-ldap libpam-ldap ldap-utils

Begin configuring the settings to look like below

1. Set LDAP URI- This can be IP address or hostname

ldap client ubuntu 18.04 add uri min

2. Set a Distinguished name of the search base

ldap client ubuntu 18.04 set search base distinguished name min

3. Select LDAP version 3

ldap client ubuntu 18.04 set ldap version min

4. Select Yes for Make local root Database admin

ldap client ubuntu 18.04 make local root database admin min

5. Answer No for Does the LDAP database require login?

ldap client ubuntu 18.04 does ldap require login no min

6. Set LDAP account for root, something like cn=admin,cd=example,cn=com

ldap client ubuntu 18.04 set admin ldap account min

7. Provide LDAP root account Password

ldap client ubuntu 18.04 enter ldap admin pass min

After the installation, edit /etc/nsswitch.confand add ldap authentication to passwd and group lines.

passwd: compat systemd ldap
group: compat systemd ldap
shadow: compat

Modify the file /etc/pam.d/common-password. Remove use_authtok on line 26 to look like below.

password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass

Enable creation of home directory on first login by adding the following line to the end of file /etc/pam.d/common-session

session optional pam_mkhomedir.so skel=/etc/skel umask=077

See below screenshot:

ldap client enable home creation min

Test by switching to a user account on LDAP

[email protected]:~# su - jmutai
Creating directory '/home/jmutai'.
[email protected]:~$ id
uid=10000(jmutai) gid=10000(sysadmins) groups=10000(sysadmins)

That’s all. If you need advanced centralized user management platform, see

How to Install and Configure FreeIPA Server on Ubuntu 18.04 / Ubuntu 16.04

How to Configure FreeIPA Client on Ubuntu 18.04 / Ubuntu 16.04 / CentOS 7

How to Configure FreeIPA replication on Ubuntu / CentOS

As an appreciation for the content we put out,
we would be thrilled if you support us!


As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.

2 COMMENTS

  1. I have followed all the steps to install openldap, LAM, and configuration on the client, but I get an issue when I test by switching to a user account on LDAP, ” su: user does not exist “, i run command “ldapsearch -x” and appears all users on the ldap server,
    OpenLDAP (Ubuntu 18.04)
    LDAP Client (ubuntu 20.04)

LEAVE A REPLY

Please enter your comment!
Please enter your name here