|Description||The 57North Hacklab LDAP|
Future centralised authentication will be provided by 57North ID. Please use this for future projects.
An LDAP service runs on synology. This provides authentication services for the space desktops. Accounts in this LDAP system were manually created and not tied to any other space management system, which was less than ideal. We are in the process of retiring this service.
ldap://synology.57north.org.uk/Root bind DN:
uid=root,cn=users,dc=57north,dc=org,dc=ukRoot bind password: <the password>
LDAP Authentication on Debian
Start by installing the required packages:
apt-get install libnss-ldap libpam-ldap
You can get the required information for the debconf prompts from above.
You will have to enter the details twice, once for the NSS setup and once for the PAM setup. Once the packages are installed and configured, you will need to change /etc/nsswitch.conf. Find the lines below and modify them:
passwd: compat ldap group: compat ldap shadow: compat ldap
You can test that this is working by running
getent passwd which should return a list of LDAP users at the bottom of a list of local and system users.
For machines that are not controlled by the space, it is possible to not provide the root bind DN or password. You will have limited functionality (unable to change passwords, shells, gecos information, etc.) but should still be able to authenticate users.