Configure Ubuntu for Lehigh LDAP Authentication

For many Linux system users (researchers, most often), it's desirable to allow other Lehigh users to log into your system while LTS holds and manages the account passwords.  Configuring LDAP for authentication, so that only the password information (typically kept in the 'shadow' file) comes from LDAP, allows you, as the system administrator, to limit access to those user accounts you create on your system, while leaving the passwords themselves on Lehigh's LDAP server.  Follow the steps below on current versions of Ubuntu.


1.  Switch to the super user, and update your software repositories.

#  sudo su

#  apt-get update

2.  Install the authentication plugins.

#  apt install libpam-ldapd libnss-ldapd

3.  When the installation process starts the wizard, answer as follows: 

(tab moves from field to field, space bar "clicks")

Note: if you will be connecting to other Lehigh systems, like HPC or other Linux-based machines, from this one, including the 'passwd' service may be valuable.  Check with your Computing Consultant.

LDAP Server URI: ldap://nis.cc.lehigh.edu

LDAP Search Base:  dc=lehigh,dc=edu

SSL Certificate:  try

Set Needed Services from LDAP:  'group' and 'shadow', at least, and 'passwd' if desired.

4.  Enable the PAM module that creates home directories.

#  pam-auth-update --enable mkhomedir

5.  Reboot to restart the required services.

#  shutdown -r now

6.  If you've configured your system without the 'passwd' service, you'll need to include the '--disabled-password' switch when creating local accounts for LDAP users.  To test this, switch to the super user again, and create local user accounts without passwords using Lehigh usernames for your desired users.  In this example, an account is created for "dab406".

#  adduser --disabled-password dab406 
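
To confirm that the wizard answers from step 3 took effect, the script below (an added example, not part of the original instructions) compares the resulting settings with the values given on this page. It assumes the Ubuntu package defaults of /etc/nslcd.conf and /etc/nsswitch.conf; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the step 3 answers
# reached the files that nslcd and NSS read. Function names are hypothetical.

# nslcd_value FILE KEY: print the first value set for KEY (uri, base, ...)
nslcd_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# nss_uses_ldap FILE SERVICE: succeed if SERVICE lists "ldap" as a source
nss_uses_ldap() {
    awk -v s="$2:" '$1 == s { for (i = 2; i <= NF; i++) if ($i == "ldap") f = 1 }
                    END { exit !f }' "$1"
}

# want_value FILE KEY WANT: print OK or MISMATCH, fail on mismatch
want_value() {
    got=$(nslcd_value "$1" "$2")
    if [ "$got" = "$3" ]; then echo "OK       $2 = $got"
    else echo "MISMATCH $2 = '${got:-unset}' (page: $3)"; return 1; fi
}

# check_ldap_setup NSLCD_CONF NSSWITCH_CONF: return the number of problems
check_ldap_setup() {
    bad=0
    want_value "$1" uri "ldap://nis.cc.lehigh.edu" || bad=$((bad + 1))
    want_value "$1" base "dc=lehigh,dc=edu" || bad=$((bad + 1))
    want_value "$1" tls_reqcert try || bad=$((bad + 1))
    # tls_reqcert only matters when TLS is in use, so show the ssl setting too
    ssl=$(nslcd_value "$1" ssl); echo "INFO     ssl = ${ssl:-unset}"
    for svc in group shadow; do        # the two services step 3 requires
        if nss_uses_ldap "$2" "$svc"; then echo "OK       $svc uses ldap"
        else echo "MISSING  $svc does not use ldap"; bad=$((bad + 1)); fi
    done
    # passwd is optional on this page; it decides whether step 6 applies
    if nss_uses_ldap "$2" passwd; then echo "INFO     passwd from LDAP"
    else echo "INFO     passwd local: create users with --disabled-password"; fi
    return "$bad"
}

# Constructed sample files standing in for a freshly configured host
tmp=$(mktemp -d)
printf 'uri ldap://nis.cc.lehigh.edu\nbase dc=lehigh,dc=edu\ntls_reqcert try\n' > "$tmp/nslcd.conf"
printf 'passwd: files systemd\ngroup: files systemd ldap\nshadow: files ldap\n' > "$tmp/nsswitch.conf"
check_ldap_setup "$tmp/nslcd.conf" "$tmp/nsswitch.conf" && echo "all checks passed"
rm -rf "$tmp"
```

On a configured machine, call `check_ldap_setup /etc/nslcd.conf /etc/nsswitch.conf` as the super user; the return status is the number of settings that differ from this page.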
