Install LDAP on Ubuntu 14.04
The problem lies in differences with your configuration. The dc has to match the domain example.com but in phpldapadmin you configured the dc as aldarim.local. Here are your settings:
LDAP Config:
- No
- example.com
- Example Company
- password x2
- HDB, No, Yes, No (Default values)
and phpldapadmin config:
sudo nano /etc/phpldapadmin/config.php
[line 161]
$config->custom->appearance['hide_template_warning'] = true;
[...]
$servers->setValue('server','host','192.168.0.22');
[...]
$servers->setValue('server','base',array('dc=aldarim,dc=local'));
[...]
$servers->setValue('login','bind_id','cn=admin,dc=aldarim,dc=local');
Here is an example of how the domain should match, even if you use the IP address: See this tutorial which gives you the idea that you can enter anything you want, but the two settings MUST match.
Change your LDAP config to use aldarim.local and call the company aldarim and you should be ok. Or change the following lines to use example.com:
$servers->setValue('server','base',array('dc=example,dc=com'));
[...]
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
In any case, they have to match.
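Added example (not part of the original answer): a Python check of the matching rule above, run on the config.php lines and one auth.log line copied from the question. The helper names, the regexes and the simplified DN normalisation are this example's own assumptions.

```python
import re

# Lines copied from the question's /etc/phpldapadmin/config.php and auth.log.
CONFIG_PHP = """
$servers->setValue('server','host','192.168.0.22');
$servers->setValue('server','base',array('dc=aldarim,dc=local'));
$servers->setValue('login','bind_id','cn=admin,dc=aldarim,dc=local');
"""
AUTH_LOG = ("Feb 17 21:33:50 PC1 sh: nss_ldap: could not connect to any LDAP "
            "server as cn=admin,dc=example,dc=local - Can't contact LDAP server")

def domain_to_base_dn(domain):
    """DNS domain entered in dpkg-reconfigure slapd -> directory suffix."""
    return ",".join("dc=" + label for label in domain.strip(".").lower().split("."))

def normalize_dn(dn):
    """Simplified comparison form: lower-case, no spaces around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def is_under(dn, base):
    """True if dn is the base itself or an entry below it."""
    dn, base = normalize_dn(dn), normalize_dn(base)
    return dn == base or dn.endswith("," + base)

def collect_dns(config_php, auth_log):
    """Pull every DN the clients are configured to use, labelled by source."""
    found = {}
    m = re.search(r"'server'\s*,\s*'base'\s*,\s*array\(\s*'([^']+)'", config_php)
    if m:
        found["phpldapadmin base"] = m.group(1)
    m = re.search(r"'login'\s*,\s*'bind_id'\s*,\s*'([^']+)'", config_php)
    if m:
        found["phpldapadmin bind_id"] = m.group(1)
    m = re.search(r"nss_ldap: could not connect to any LDAP server as (\S+)", auth_log)
    if m:
        found["nss_ldap binddn"] = m.group(1)
    return found

def find_mismatches(slapd_domain, config_php, auth_log):
    """Return {source: dn} for every DN that is not under the slapd suffix."""
    base = domain_to_base_dn(slapd_domain)
    return {src: dn for src, dn in collect_dns(config_php, auth_log).items()
            if not is_under(dn, base)}

if __name__ == "__main__":
    for domain in ("example.com", "aldarim.local"):
        print(domain, "->", domain_to_base_dn(domain))
        for src, dn in find_mismatches(domain, CONFIG_PHP, AUTH_LOG).items():
            print("  mismatch:", src, "=", dn)
```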
Kobrasnip
Updated on September 18, 2022
Comments
-
Kobrasnip 9 months
I'm trying to configure OpenLDAP on Ubuntu Server 14.04 LTS and clients (Ubuntu 14.04 and/or Linux Mint 17). It works with the su command, ssh or in a terminal but it doesn't work on the login screen. Just after install, I can see LDAP users on the login screen but after a few minutes, only local users are available. /var/log/auth.log gives me:
Feb 17 21:33:50 PC1 sh: nss_ldap: could not connect to any LDAP server as cn=admin,dc=example,dc=local - Can't contact LDAP server
Feb 17 21:33:50 PC1 sh: nss_ldap: failed to bind to LDAP server ldap://192.168.0.22: Can't contact LDAP server
Feb 17 21:33:50 PC1 sh: nss_ldap: reconnecting to LDAP server...
Feb 17 21:33:50 PC1 sh: nss_ldap: could not connect to any LDAP server as cn=admin,dc=example,dc=local - Can't contact LDAP server
Feb 17 21:33:50 PC1 sh: nss_ldap: failed to bind to LDAP server ldap://192.168.0.22: Can't contact LDAP server
Feb 17 21:33:50 PC1 sh: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Feb 17 21:33:51 PC1 sh: nss_ldap: could not connect to any LDAP server as cn=admin,dc=example,dc=local - Can't contact LDAP server
Feb 17 21:33:51 PC1 sh: nss_ldap: failed to bind to LDAP server ldap://192.168.0.22: Can't contact LDAP server
Feb 17 21:33:51 PC1 sh: nss_ldap: could not search LDAP server - Server is unavailable
Feb 17 21:33:51 PC1 sh: nss_ldap: could not connect to any LDAP server as cn=admin,dc=example,dc=local - Can't contact LDAP server
Feb 17 21:33:51 PC1 sh: nss_ldap: failed to bind to LDAP server ldap://192.168.0.22: Can't contact LDAP server
Feb 17 21:33:51 PC1 sh: nss_ldap: reconnecting to LDAP server...
Feb 17 21:33:51 PC1 sh: nss_ldap: could not connect to any LDAP server as cn=admin,dc=example,dc=local - Can't contact LDAP server
Feb 17 21:33:51 PC1 sh: nss_ldap: failed to bind to LDAP server ldap://192.168.0.22: Can't contact LDAP server
Feb 17 21:33:51 PC1 sh: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Feb 17 21:33:52 PC1 sshd[968]: Server listening on 0.0.0.0 port 22.
Feb 17 21:33:52 PC1 sshd[968]: Server listening on :: port 22.
Feb 17 21:33:52 PC1 lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Feb 17 21:33:52 PC1 lightdm: PAM adding faulty module: pam_kwallet.so
Feb 17 21:33:52 PC1 lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
Feb 17 21:33:52 PC1 lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Feb 17 21:33:52 PC1 lightdm: PAM adding faulty module: pam_kwallet.so
Feb 17 21:33:52 PC1 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "adminlocal"
Feb 17 21:33:52 PC1 sh: nss_ldap: could not connect to any LDAP server as cn=admin,dc=example,dc=local - Can't contact LDAP server
Feb 17 21:33:52 PC1 sh: nss_ldap: failed to bind to LDAP server ldap://192.168.0.22: Can't contact LDAP server
Feb 17 21:33:52 PC1 sh: nss_ldap: could not search LDAP server - Server is unavailable
Feb 17 21:33:54 PC1 dbus[431]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.42" (uid=0 pid=1518 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(un$
Feb 17 21:34:04 PC1 dbus[431]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.42" (uid=0 pid=1518 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(un$
Feb 17 21:34:18 PC1 sshd[1728]: Accepted password for adminlocal from 192.168.0.53 port 61914 ssh2
Feb 17 21:34:18 PC1 sshd[1728]: pam_unix(sshd:session): session opened for user adminlocal by (uid=0)
Feb 17 21:34:44 PC1 sudo: pam_unix(sudo:auth): authentication failure; logname=adminlocal uid=1000 euid=0 tty=/dev/pts/1 ruser=adminlocal rhost= user=adminlocal
Feb 17 21:34:49 PC1 sudo: adminlocal : TTY=pts/1 ; PWD=/home/adminlocal ; USER=root ; COMMAND=/usr/bin/nano /var/log/nscd.log
Feb 17 21:34:49 PC1 sudo: pam_unix(sudo:session): session opened for user root by adminlocal(uid=0)
Feb 17 21:34:51 PC1 sudo: pam_unix(sudo:session): session closed for user root
getent passwd shows me LDAP users so I think this is a lightdm issue... I tried several guides, without success. Is there anybody in the same situation? What can I do? Thank you very much. Florent
Steps to reproduce
Fix static IP:
sudo nano /etc/network/interfaces
[…]
auto eth0
iface eth0 inet static
address 192.168.0.22
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.254
dns-nameservers 8.8.8.8
Install LDAP
sudo apt-get install slapd ldap-utils
sudo dpkg-reconfigure slapd
No
example.com
Example Company
password x2
HDB, No, Yes, No (Default values)
Install phpldapadmin (tried with ldif files too)
sudo apt-get install phpldapadmin
sudo nano /etc/phpldapadmin/config.php
[line 161]
$config->custom->appearance['hide_template_warning'] = true;
[...]
$servers->setValue('server','host','192.168.0.22');
[...]
$servers->setValue('server','base',array('dc=aldarim,dc=local'));
[...]
$servers->setValue('login','bind_id','cn=admin,dc=aldarim,dc=local');
sudo nano /usr/share/phpldapadmin/lib/TemplateRender.php
[Line 2469]
$default = $this->getServer()->getValue('appearance','password_hash_custom');
Configure LDAP
http://192.168.0.22/phpldapadmin
- Make 2 Generic : Organisational Unit => Groups & People
- Under Groups, make 2 Posix Group => admin & employees
- Under People, make users
Install ldap client on server
sudo apt-get install libpam-ldap nscd
ldap://127.0.0.1
dc=example,dc=com
3, Yes, No (Default values)
cn=admin,dc=example,dc=com
admin password
nano /etc/nsswitch.conf
[...]
passwd: compat ldap
group: compat ldap
shadow: compat ldap
[...]
sudo reboot
Client configuration
sudo apt-get install libpam-ldap nscd
ldap://192.168.0.22
dc=example,dc=com
3, Yes, No (Default values)
cn=admin,dc=example,dc=com
admin password
nano /etc/nsswitch.conf
[...]
passwd: compat ldap
group: compat ldap
shadow: compat ldap
[...]
sudo reboot
Alternative client configuration:
sudo apt-get install libnss-ldap ldap-auth-config
sudo auth-client-config -t nss -p lac_ldap
sudo pam-auth-update
Same errors...
-
muru over 8 years
Try using libpam-ldapd and nslcd.
-
Kobrasnip over 8 years
Thanks for the suggestion but... same result :'( (on a fresh install). getent passwd works but "could not connect to any LDAP server" is still in /var/log/auth.log