LDAP is an acronym for Lightweight Directory Access Protocol. LDAP allows the usernames and passwords of users to be stored in a single place. Multiple services then use this directory to validate the users who request access to them. To use a service, you always need a client-side program that can access that service. This article shows you how to install and configure the LDAP client on your Debian 10 system.

Method of Configuring the LDAP Client in Debian 10

To configure the LDAP client on a Debian 10 machine, perform the following fifteen steps. The configurations may vary according to your unique requirements and usage of the LDAP client. The following steps will guide you through some of the more generic LDAP client configurations.

Step 1: Install LDAP Client and Required Packages

First, install the LDAP client and all the packages necessary for LDAP to work properly in Debian 10 by issuing the command below:

sudo apt install libnss-ldap libpam-ldap ldap-utils

As soon as this command starts its execution, you will be able to see an interactive prompt, in which you can perform the various LDAP configurations explained in the following steps.

Step 2: Configure URI for LDAP Server

Next, set up the URI for your LDAP server. The server format is also shown in the following image. Then, press the Enter key to proceed to the next configuration.

Step 3: Set Up Distinguished Name for LDAP Search Base

Now, you will set up the distinguished name (DN) of the LDAP search base. An example is shown in the image below. Then, press the Enter key to go to the next screen.

Step 4: Choose Desired LDAP Protocol Version

There are different LDAP protocol versions available to use; however, it is always recommended to use the latest available version, which, in this case, is version 3. After selecting this version, press the Enter key to confirm your choice, as shown in the following image:

Step 5: Select LDAP Account for Root

Now, specify an account that will be used as the LDAP root user account, after which you will press the Enter key.

Step 6: Set Up Password for LDAP Root Account

Once the LDAP root account has been selected, you will need to set up a password for this account. Type in a password of your choice and then press the Enter key to go to the next screen.

Step 7: Remove LDAP Entries from Configuration File

For the basic LDAP services to function properly, it is recommended to remove the default LDAP entries from the configuration file. This can be done simply by pressing the Enter key or the OK button in the prompt, as shown in the image below:

Step 8: Allow LDAP Admin Account to Behave Like Local Root

Now, allow the LDAP admin account to behave like a local root account by selecting the Yes option from the dialogue box, as shown in the following image:

Step 9: Disable Login for LDAP Database

You can disable the login for the LDAP database by selecting the No option from the dialogue box, as shown in the image below. This will remove the need for authentication at the time of retrieving the LDAP entries.

Step 10: Enter Name of LDAP Administrative Account

Now, enter the name of the LDAP root account that you set up earlier. After that, press the Enter key to continue.

Step 11: Enter Password for LDAP Root Account or Administrative Account

Finally, enter the password for the LDAP root account or administrative account that you set up in Step 6, then press the Enter key, as shown in the image below:

After doing this, the command that you executed in Step 1 will finish its execution while rendering the following messages in your Debian 10 terminal:

Step 12: Update PAM Configurations

Next, configure your Debian 10 system to use LDAP for authentication. To do so, update the PAM configurations by running the following command:

This command will display a dialogue box on your screen from which you can select any desired profiles that you want to be enabled. It is recommended to go with the default profile. Then, to continue, press the Enter key.

Step 13: Allow Automatic Creation of User’s Home Directory

You can also choose to allow the automatic creation of the user’s Home directory. To do so, you will edit the Common Session PAM file. This file can be accessed by using the following command:

sudo nano /etc/pam.d/common-session

When this file opens with the nano editor, enter the following line of code at the end of this file:

session required pam_mkhomedir.so skel=/etc/skel umask=077

After adding this line, press Ctrl+X to save your file and exit the nano editor.

Step 14: Restart Name Service Cache Daemon (nscd)

Restart the name service cache daemon (nscd) so that it can read the new configurations. The nscd service can be restarted with the following command:

sudo systemctl restart nscd

Restarting this service will not display any messages in the terminal.

Step 15: Enable Name Service Cache Daemon (nscd)

Finally, re-enable the name service cache daemon (nscd) with the command below:

sudo systemctl enable nscd

This command will display the following messages in the terminal upon successful execution:

This step brings us to the end of the LDAP client configurations in a Debian 10 system.
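
The following check is an added example, not part of the original article: it audits the files the prompts in Steps 2 to 6 and the edit in Step 13 leave behind, because the URI scheme decides whether credentials cross the network in cleartext and the root bind password from Step 6 is stored on disk. The function names, the `--system`/`--demo` switches and the sample values are hypothetical; the `/etc` paths are the Debian package defaults for libnss-ldap and libpam-ldap, which the article does not state.

```shell
#!/bin/sh
# Added example: audit what the debconf prompts (Steps 2-6) and Step 13 wrote.
# Paths under --system are Debian's libnss-ldap/libpam-ldap defaults (assumption).

conf_get() {  # conf_get FILE KEY -> value of first uncommented "KEY value" line
    awk -v k="$2" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

audit_ldap_conf() {  # audit_ldap_conf CONF [SECRET]; one WARN line per finding
    conf=$1 secret=${2:-}
    uri=$(conf_get "$conf" uri) ssl=$(conf_get "$conf" ssl)
    case $uri in
        ldaps://*|ldapi://*) ;;                       # TLS or local socket
        ldap://*) [ "$ssl" = start_tls ] ||
            echo "WARN $conf: '$uri' is cleartext and 'ssl start_tls' is not set" ;;
        *) echo "WARN $conf: no uri directive found" ;;
    esac
    [ "$(conf_get "$conf" ldap_version)" = 3 ] ||
        echo "WARN $conf: ldap_version is not 3"
    if [ -n "$(conf_get "$conf" rootbinddn)" ] && [ -n "$secret" ]; then
        mode=$(stat -c %a "$secret" 2>/dev/null) || mode=missing
        [ "$mode" = 600 ] ||
            echo "WARN $secret: mode $mode, expected 600 (root bind password)"
    fi
}

audit_mkhomedir() {  # Step 13: pam_mkhomedir present with umask=077
    grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_mkhomedir\.so.*umask=0?077([[:space:]]|$)' "$1" ||
        echo "WARN $1: pam_mkhomedir with umask=077 not found"
}

demo() {  # constructed sample: cleartext URI, world-readable secret
    d=$(mktemp -d) || return 1
    printf '%s\n' 'uri ldap://ldap.example.com/' 'base dc=example,dc=com' \
        'ldap_version 3' 'rootbinddn cn=admin,dc=example,dc=com' > "$d/ldap.conf"
    echo 'constructed-password' > "$d/ldap.secret"; chmod 644 "$d/ldap.secret"
    echo 'session required pam_mkhomedir.so skel=/etc/skel umask=077' > "$d/session"
    audit_ldap_conf "$d/ldap.conf" "$d/ldap.secret"; audit_mkhomedir "$d/session"
    rm -rf "$d"
}

case ${1:-} in
    --system) audit_ldap_conf /etc/libnss-ldap.conf /etc/libnss-ldap.secret
              audit_ldap_conf /etc/pam_ldap.conf /etc/pam_ldap.secret
              audit_mkhomedir /etc/pam.d/common-session ;;
    --demo)   demo ;;
esac
```

Run it with `--demo` to see the two findings on the constructed sample, or as root with `--system` on the configured machine; no output means none of the checks fired.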

Method of Removing LDAP Client from Debian 10

If you no longer feel like using the LDAP client for Debian 10, you can conveniently remove it, as well as its configuration files, with the command below:

sudo apt-get purge libnss-ldap libpam-ldap ldap-utils

When this process is completed, the terminal will show the following messages:

Finally, to remove any extra packages that were installed with the LDAP client, issue the following command:

This command will remove all the packages that are no longer needed after removing the LDAP client from Debian 10.

Conclusion

This article explained how to configure the LDAP client on a Debian 10 system. These configurations are extremely easy to perform and will not take more than 10 minutes to do. Finally, we also showed you how to uninstall the LDAP client from your Debian 10 machine.

About the author

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.