How to configure Ezeelogin to authenticate using Open

Integration of Open-LDAP (PAM-LDAP) in Ubuntu

Make sure that PHP-LDAP extension is installed on the server

root@jumpserver:~# apt-get install php5.0-ldap/php7.0-ldap ; apachectl restart

1. Login to Web-GUI > open settings > Ldap

Add the details in LDAP setting page.Check the following video to fill and configure Pam-LDAP

Add the details of LDAP configurations

2 Under settings > general settings > Authentication > change Webpanel authentication to ldap & Check PAM Authetication

3. Select the LDAP users and import to ezeelogin

you can confirm the imported LDAP users were listed in Users

Now you can login to ezeelogin with ldap user in ezeelogin GUI

Let's configure PAM_LDAP Authentication for SSH

*Login to ezeelogin ssh server to configure pam-LDAP

1. Install pam-LDAP module by the following command

 #apt-get install ldap-auth-client ldap-auth-config nscd

2. Enter LDAP URI, Base dn & select Ldap version 3

Enter the details in LDAP setting. you can use the above video to fetch details

3. Add Binddn&bind password /etc/ldap.conf

nano /etc/ldap.conf 
binddn cn=admin,dc=eztest,dc=net
bindpw chaSD@#234JH56hj^7 

In Ubuntu 16.x, link the directory /etc/openldap with /etc/ldap as follows

ln -s /etc/ldap /etc/openldap

4. Append 'ldap' to password,group & shadow in /etc/nsswitch.conf

root@tech2:~# cat /etc/nsswitch.conf

# /etc/nsswitch.conf

# Example configuration of GNU Name Service Switch functionality.

# If you have the `glibc-doc-reference' and `info' packages installed, try:

# `info libc "Name Service Switch"' for information about this file.

passwd: compat ldap

group: compat ldap

shadow: compat ldap

hosts: files mdns4_minimal [NOTFOUND=return] dns

networks: files

protocols: db files

services: db files

ethers: db files

rpc: db files

netgroup: nis

Refer the above video for more information

5. Enable autocreate home directory on login by adding the following to /etc/pam.d/common-session by the following command

echo "session optional pam_mkhomedir.so skel=/etc/skel umask=077" >> /etc/pam.d/common-session

6. Restart nscd service

service nscd restart  

Ensure the login shell of ldap user is /usr/local/bin/ezsh

Now run the id / finger command and see whether you are able get LDAP user details

[root@jumpserver ~]# finger jake
Login: jake           Name: franc t
Directory: /home/jake     Shell: /usr/local/bin/ezsh
Last login Wed Jun 13 05:02 (EDT) on pts/1 from 10.1.1.13
No mail.
No Plan.
[root@jumpserver ~]# id jake
uid=1547601108(franc) gid=1547600513(domain users) groups=1547600513(domain users) 

Run an ldasearch to check the values returned from your AD server as follows. This is used for troubleshooting.

[root@75 home]# ldapsearch -x -LLL -E pr=200/noprompt -h 10.11.1.164 -D "administrator@ad2016.admod.net" -w admod_2016 -b "cn=jake,cn=users,dc=ad2016,dc=admod,dc=net"
 
dn: CN=jake,CN=Users,DC=ad2016,DC=admod,DC=net
 
objectClass: top
 
objectClass: person
 
objectClass: organizationalPerson
 
objectClass: user
 
cn: jake
 
givenName: jake
 
distinguishedName: CN=jake,CN=Users,DC=ad2016,DC=admod,DC=net
 
instanceType: 4
 
whenCreated: 20180703063304.0Z
 
whenChanged: 20180703063554.0Z
 
displayName: jake
 
uSNCreated: 45128
 
uSNChanged: 45136
 
name: jake
 
objectGUID:: ldpkFlnRs0O6irphlTq1AA==
 
userAccountControl: 512
 
badPwdCount: 0
 
codePage: 0
 
countryCode: 0
 
badPasswordTime: 0
 
lastLogoff: 0
 
lastLogon: 0
 
pwdLastSet: 131750731848783837
 
primaryGroupID: 513
 
objectSid:: AQUAAAAAAAUVAAAAmhs/bgMv2mlWATm4VQQAAA==
 
accountExpires: 9223372036854775807
 
logonCount: 0
 
sAMAccountName: jake
 
sAMAccountType: 805306368
 
userPrincipalName: jake@ad2016.admod.net
 
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad2016,DC=admod,DC=net
 
dSCorePropagationData: 16010101000000.0Z
 
uidNumber: 10001
 
gidNumber: 12000
 
unixHomeDirectory: /home/jake
 
loginShell: /usr/local/bin/ezsh
# pagedresults: cookie=

How to configure Ezeelogin to authenticate using Open_Ldap(Pam-Ldap) in ubuntu?

nano /etc/ldap.conf