
document version 0.0.4, 2024-12-06

LDAP Configuration

Follow this first

https://ubuntu.com/server/docs/how-to/sssd/with-ldap/

This has not been thoroughly tested and understood (!) → it just worx (TM)

See also https://kifarunix.com/configure-sssd-for-ldap-authentication-on-ubuntu-20-04/

1) SSSD: System Security Services Daemon

See also SSSD

  • apt update

  • apt-cache search sssd (a meta-package)

  • apt install sssd

  • create/edit /etc/sssd/sssd.conf (copy from template host), or

    [sssd]
    config_file_version = 2
    domains = bfh
    
    [domain/bfh]
    id_provider = ldap
    auth_provider = ldap
    ldap_uri = ldaps://ldap.bfh.info
    cache_credentials = False
    ldap_search_base = dc=bfh
    
  • restrict permissions (sssd expects the file to be root-owned and private): chmod 600 /etc/sssd/sssd.conf

  • systemctl enable sssd

  • systemctl start sssd

  • systemctl status sssd

2) LDAP

install the PAM LDAP module: apt-get install libpam-ldap; this starts a configuration "Wizard"

  • Configure ldap-auth-config

    • Make local root Database admin: [<No>]

    • No password needed: [<Yes>]

or check:

/etc/ldap.conf (copy from template host), or

ldap_version 3
host ldap.bfh.info
uri ldaps://ldap.bfh.info
base dc=bfh
port 636

3) PAM

sudo pam-auth-update --enable mkhomedir, or

  • vim /etc/pam.d/common-session, then:

"Add the line below just below the line, 'session optional pam_sss.so' "
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077

  • vim /etc/pam.d/sshd

    disable/comment (line number indicated)

    14: #@include common-account

    at the very bottom

    account sufficient pam_succeed_if.so user ingroup sysadmin

    account sufficient pam_succeed_if.so user ingroup users
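An added post-install audit (example code, not part of these notes or of the Ubuntu guide) for the three settings a reviewer would want verified after steps 1) to 3): sssd.conf is private and root-owned, ldap_uri uses ldaps://, and /etc/pam.d/sshd has common-account disabled with the pam_succeed_if group gates in place. File paths and group names are parameters; the function and script names are made up for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes: audit the files this page edits.
# Each check takes the file as an argument so it can run against /etc or
# against a scratch copy.

# sssd expects its config to be private: mode 600.
check_mode_600() {                     # $1 = file
  [ "$(stat -c '%a' "$1")" = "600" ]
}

# On a real host the owner must be root; the expected owner is a parameter
# (default root) so the check can be exercised on a copy you own.
check_owner() {                        # $1 = file, $2 = expected owner
  [ "$(stat -c '%U' "$1")" = "${2:-root}" ]
}

# The directory must be reached over TLS: ldap_uri has to start with ldaps://.
check_ldaps_uri() {                    # $1 = sssd.conf
  grep -Eq '^[[:space:]]*ldap_uri[[:space:]]*=[[:space:]]*ldaps://' "$1"
}

# /etc/pam.d/sshd as edited above: "@include common-account" commented out and
# one "account sufficient pam_succeed_if.so user ingroup <g>" line per group,
# so only members of the listed groups get through the account stage.
check_pam_sshd() {                     # $1 = pam.d/sshd, $2.. = required groups
  local f=$1 g; shift
  if grep -Eq '^[[:space:]]*@include[[:space:]]+common-account' "$f"; then
    return 1                           # default account stack still active
  fi
  for g in "$@"; do
    grep -Eq "^account[[:space:]]+sufficient[[:space:]]+pam_succeed_if\.so[[:space:]]+user[[:space:]]+ingroup[[:space:]]+$g\$" "$f" || return 1
  done
  return 0
}

# Full audit of the live host; prints one line per failed check.
audit_ldap_host() {
  local rc=0
  check_mode_600  /etc/sssd/sssd.conf || { echo "FAIL: sssd.conf is not mode 600"; rc=1; }
  check_owner     /etc/sssd/sssd.conf || { echo "FAIL: sssd.conf is not owned by root"; rc=1; }
  check_ldaps_uri /etc/sssd/sssd.conf || { echo "FAIL: ldap_uri is not ldaps://"; rc=1; }
  check_pam_sshd  /etc/pam.d/sshd sysadmin users \
                                      || { echo "FAIL: sshd group gating incomplete"; rc=1; }
  return $rc
}

# Run the live audit only when invoked directly as: ./ldap_audit.sh --live
if [ "${1-}" = "--live" ]; then audit_ldap_host; fi
```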

4) Generate fancy motd

http://patorjk.com/software/taag/#p=testall&f=Graffiti&t=<hostname>

then copy this from the Big section

and write it to /etc/motd (the file does not exist yet)

disable default/dynamic motd

chmod -x /etc/update-motd.d/*

add instructions

scp from peak, apex and adapt to reflect new environment

Deprecated

x) NSLCD (?)

/etc/nslcd.conf

→ disable service (?)

systemctl status nslcd

x) NSCD (?)

→ disable service (?)

...

x) NSSWitch (?)

set in /etc/nsswitch.conf (or similar entries):

passwd:         files systemd sss ldap
group:          files systemd sss ldap

end-of-document