How to configure Ezeelogin to authenticate using Windows AD (PAM-LDAP) in Ubuntu 16.x and 18.x?
Integration of WINDOWS-AD (PAM-LDAP) in Ubuntu
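Install the PHP LDAP module on the jump server. The package name depends on the installed PHP version (php5-ldap, php7-ldap or php-ldap); install the one that matches:
root@jumpserver:~# apt-get install php-ldap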
1. Log in to the web GUI > open Settings > LDAP
Add the details on the LDAP settings page. Check the following video to fill in and configure PAM-LDAP.
Add the LDAP configuration details and check WINDOWS ACTIVE DIRECTORY.
2. Open Settings > General > Authentication > change Web Panel Authentication to LDAP and check PAM Authentication
3. Select the LDAP users and import them into Ezeelogin
You can confirm that the imported LDAP users are listed under Users.
Now you can log in to the Ezeelogin GUI as an LDAP user.
4. Make sure that UNIX ATTRIBUTES is enabled on the Windows Server (2003, 2008, 2012)
You do not need to install UNIX attributes on Windows 10 or Windows Server 2016.
Log in to the Windows server and open a command prompt.
Enter the command below.
Reboot the server to complete the installation.
5. Make sure to add the values for UID, GID, Login Shell and Home Directory



In Ubuntu 16.x, also run the command "ln -s /etc/ldap /etc/openldap".
root@tech2:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
vi /etc/pam.d/common-password
# Look for the lines starting with password and add the line below to enable authentication via LDAP.
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
Ensure the login shell of the LDAP user is /usr/local/bin/ezsh
Now run the id / finger command and see whether you are able to get the AD user details.
Run an ldapsearch to check the values returned from your AD server as follows. This is used for troubleshooting. Ensure that it returns the values of uid, gid, home directory and login shell.
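The checks from the last steps (ldap listed in nsswitch.conf, the pam_ldap.so line in common-password, and the uid, gid, home directory and login shell of the AD user) can be scripted. The shell functions below are an added example, not part of the original Ezeelogin article; the function names and the sample user name aduser are assumptions.

```shell
#!/bin/sh
# Added example (not Ezeelogin code): verifies the jump server settings from
# this article. File paths are arguments so copies can be checked as well.

# nss_uses_ldap FILE DB -> 0 if the DB line in FILE lists "ldap" as a source
nss_uses_ldap() {
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
                     END { exit !found }' "$1"
}

# pam_password_uses_ldap FILE -> 0 if an uncommented password line loads pam_ldap.so
pam_password_uses_ldap() {
    grep -Eq '^[[:space:]]*password[[:space:]].*pam_ldap\.so' "$1"
}

# passwd_entry_ok ENTRY -> 0 if the passwd-format ENTRY has a numeric uid and
# gid, an absolute home directory and /usr/local/bin/ezsh as login shell
passwd_entry_ok() {
    printf '%s\n' "$1" | awk -F: '
        { ok = ($3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ && $6 ~ /^\// && $7 == "/usr/local/bin/ezsh") }
        END { exit !ok }'
}

# check_jumpserver ENTRY [NSSWITCH] [PAMFILE]
# Prints one line per check and returns the number of failed checks.
check_jumpserver() {
    entry=$1 nss=${2:-/etc/nsswitch.conf} pam=${3:-/etc/pam.d/common-password} fails=0
    for db in passwd group shadow; do
        if nss_uses_ldap "$nss" "$db"; then echo "ok   $db: ldap listed in $nss"
        else echo "FAIL $db: ldap missing in $nss"; fails=$((fails + 1)); fi
    done
    if pam_password_uses_ldap "$pam"; then echo "ok   pam_ldap.so present in $pam"
    else echo "FAIL pam_ldap.so missing in $pam"; fails=$((fails + 1)); fi
    if passwd_entry_ok "$entry"; then echo "ok   user entry: $entry"
    else echo "FAIL uid/gid/home/shell incomplete: '$entry'"; fails=$((fails + 1)); fi
    return "$fails"
}

# On the jump server (aduser is a placeholder for an imported AD user):
#   check_jumpserver "$(getent passwd aduser)"
```

An empty result from getent means the AD user is not resolved through NSS at all, and the last check reports it as a failure.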