Projects:LDAP

From 57North Hacklab
LDAP
Description: The 57North Hacklab LDAP
People: User:Irl
Theme: Infrastructure
Website:
Status: Dormant


Future centralised authentication will be provided by 57North ID. Please use this for future projects.

An LDAP service runs on synology. This provides authentication services for the space desktops. Accounts in this LDAP system were manually created and not tied to any other space management system, which was less than ideal. We are in the process of retiring this service.

LDAP URI: ldap://synology.57north.org.uk/
Root bind DN: uid=root,cn=users,dc=57north,dc=org,dc=uk
Root bind password: <the password>

LDAP Authentication on Debian

Start by installing the required packages:

apt-get install libnss-ldap libpam-ldap

You can get the required information for the debconf prompts from above.

You will have to enter the details twice, once for the NSS setup and once for the PAM setup. Once the packages are installed and configured, you will need to change /etc/nsswitch.conf. Find the passwd, group and shadow lines and add ldap to each, so that they read:

passwd: compat ldap
group: compat ldap
shadow: compat ldap

You can test that this is working by running getent passwd, which should return the LDAP users at the bottom of the list of local and system users.
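
The two checks above (the nsswitch.conf edit and the getent test) can be scripted. This is an added example, not part of the hacklab's own setup; the function names missing_ldap, ldap_only_users and check_host are hypothetical.

```shell
#!/bin/sh
# Added example: verify the nsswitch.conf edit and list LDAP-sourced accounts.

# missing_ldap FILE
# Print each of passwd/group/shadow whose first uncommented line in FILE
# does not list "ldap" as a source (or which has no line at all).
missing_ldap() {
    conf=$1
    for db in passwd group shadow; do
        # Keep only the source list: drop the "db:" prefix and any trailing comment.
        sources=$(sed -n "s/^[[:space:]]*$db:[[:space:]]*\([^#]*\).*/\1/p" "$conf" | head -n 1)
        # Normalise whitespace so "ldap" can be matched as a whole word.
        case "$(printf ' %s ' "$sources" | tr -s '[:space:]' ' ')" in
            *" ldap "*) ;;
            *) echo "$db" ;;
        esac
    done
}

# ldap_only_users GETENT_OUTPUT LOCAL_PASSWD
# Print login names present in the getent output but absent from the local
# passwd file, i.e. the accounts that were resolved through LDAP.
ldap_only_users() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             !($1 in seen)       { print $1 }' "$2" "$1"
}

# check_host: run both checks against the live system.
check_host() {
    bad=$(missing_ldap /etc/nsswitch.conf)
    if [ -n "$bad" ]; then
        echo "ldap source missing for: $(echo $bad)"
        return 1
    fi
    # "-" makes awk read the getent output from stdin.
    getent passwd | ldap_only_users - /etc/passwd
}

# Only touch the live system when asked to: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

An empty result from check_host with a correct nsswitch.conf means no LDAP accounts were returned, which points at the bind details entered at the debconf prompts rather than at NSS.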

For machines that are not controlled by the space, it is possible to not provide the root bind DN or password. You will have limited functionality (unable to change passwords, shells, gecos information, etc.) but should still be able to authenticate users.