Skip to Content

How to configure Ezeelogin to authenticate using Open_Ldap(Pam-Ldap) in Ubuntu?

190  Manu Chacko June 14, 2023  Tweaks & Configuration

Integration of Open-LDAP (PAM-LDAP) in Ubuntu

Make sure that PHP-LDAP extension is installed on the server 

root@jumpserver:~# apt-get install php5.0-ldap/php7.0-ldap ; apachectl restart

1. Login to Web-GUI > open settings > Ldap and add the details of LDAP configurations

2. Under Settings > General SettingsAuthentication > change Webpanel authentication to LDAP & Check External SSH Auth

3. Select the LDAP users and import them to ezeelogin

 

You can confirm the imported LDAP users were listed in Users 

 

Now you can login to ezeelogin with ldap user in ezeelogin GUI

After importing the users to Ezeelogin, log in with the user and set up security code for the user under Account > Password > New Security Code.

 

Let's configure PAM_LDAP Authentication for SSH  

Login to Ezeelogin ssh server to configure pam-LDAP
 
1. Install pam-LDAP module by the following command

root@jumpserver:~# apt-get install ldap-auth-client ldap-auth-config nscd

 
2. Enter LDAP URI, Base DB & select LDAP version 3. 
 
Enter the details in the LDAP setting.
 
3.  Add Binddn&bind password  /etc/ldap.conf  

root@jumpserver:~# nano /etc/ldap.conf

 

binddn cn=admin,dc=eztest,dc=net

bindpw chaSD@#234JH56hj^7 

 
In Ubuntu 16.x, link the directory /etc/openldap with /etc/ldap as follows

root@jumpserver:~# ln -s /etc/ldap /etc/openldap

4. Append 'ldap' to password,group & shadow in /etc/nsswitch.conf  
 

root@jumpserver:~# cat /etc/nsswitch.conf

# /etc/nsswitch.conf

#

# Example configuration of GNU Name Service Switch functionality.

# If you have the `glibc-doc-reference' and `info' packages installed, try:

# `info libc "Name Service Switch"' for information about this file.

 

passwd:         compat  ldap   

group:          compat  ldap

shadow:         compat  ldap

 

hosts:          files mdns4_minimal [NOTFOUND=return] dns

networks:       files

 

protocols:      db files

services:       db files

ethers:         db files

rpc:            db files

netgroup:       nis

 
5.  Enable autocreate home directory on login by adding the following to /etc/pam.d/common-session by the following command

root@jumpserver:~# echo "session optional pam_mkhomedir.so skel=/etc/skel umask=077" >> /etc/pam.d/common-session

  
6. Restart  nscd service

root@jumpserver:~# service nscd restart  

Ensure the login shell of ldap user is /usr/local/bin/ezsh  

 
Now run the id/finger command and see whether you are able to get LDAP user details

[root@jumpserver ~]# finger jake

Login: jake           Name: franc t

Directory: /home/jake     Shell: /usr/local/bin/ezsh

Last login Wed Jun 13 05:02 (EDT) on pts/1 from 10.1.1.13

No mail.

No Plan.

[root@jumpserver ~]# id jake

uid=1547601108(franc) gid=1547600513(domain users) groups=1547600513(domain users) 

 

Run an ldapsearch to check the values returned from your AD server as follows. This is used for troubleshooting.

[root@75 home]# ldapsearch -x -LLL -E pr=200/noprompt -h 10.11.1.164 -D "[email protected]" -w admod_2016 -b "cn=jake,cn=users,dc=ad2016,dc=admod,dc=net"

 

dn: CN=jake,CN=Users,DC=ad2016,DC=admod,DC=net

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: user

cn: jake

givenName: jake

distinguishedName: CN=jake,CN=Users,DC=ad2016,DC=admod,DC=net

instanceType: 4

whenCreated: 20180703063304.0Z

whenChanged: 20180703063554.0Z

displayName: jake

uSNCreated: 45128

uSNChanged: 45136

name: jake

objectGUID:: ldpkFlnRs0O6irphlTq1AA==

userAccountControl: 512

badPwdCount: 0

codePage: 0

countryCode: 0

badPasswordTime: 0

lastLogoff: 0

lastLogon: 0

pwdLastSet: 131750731848783837

primaryGroupID: 513

objectSid:: AQUAAAAAAAUVAAAAmhs/bgMv2mlWATm4VQQAAA==

accountExpires: 9223372036854775807

logonCount: 0

sAMAccountName: jake

sAMAccountType: 805306368

userPrincipalName: [email protected]

objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad2016,DC=admod,DC=net

dSCorePropagationData: 16010101000000.0Z

uidNumber: 10001

gidNumber: 12000

unixHomeDirectory: /home/jake

loginShell: /usr/local/bin/ezsh

# pagedresults: cookie= 

 
Related Articles:
Rating: 5 (2 Votes)