Home » Categories » Getting Started » Tweaks & Configuration

How to configure Ezeelogin to authenticate using Open_Ldap(Pam-Ldap) in ubuntu?

Article ID: 190 | Rating: 5/5 from 1 votes | Last Updated: Thu, Nov 26, 2020 at 9:28 AM

Integration of Open-LDAP (PAM-LDAP) in Ubuntu

Make sure that PHP-LDAP extension is installed on the server 

 

root@jumpserver:~# apt-get install php5.0-ldap/php7.0-ldap ; apachectl restart

 

 1. Login to Web-GUI > open settings > Ldap 

Add the details in LDAP setting page.Check the following video to fill and configure Pam-LDAP

 

 Add the details of LDAP configurations

 

2  Under settings > general settings >  Authentication > change Webpanel authentication to ldap & Check PAM Authetication

 

3. Select the LDAP users and import to ezeelogin

 

you can confirm the imported LDAP users were listed in Users 

 

Now you can login to ezeelogin with ldap user in ezeelogin GUI

 
Let's configure PAM_LDAP Authentication for SSH  
 
 
*Login to ezeelogin ssh server to configure pam-LDAP
 
 
1. Install pam-LDAP module by the following command

 #apt-get install ldap-auth-client ldap-auth-config nscd

 
2. Enter LDAP URI, Base dn & select Ldap version 3
   
  Enter the details in LDAP setting. you can use the above video to fetch details  
 
3.  Add Binddn&bind password  /etc/ldap.conf  

nano /etc/ldap.conf

 

binddn cn=admin,dc=eztest,dc=net

bindpw chaSD@#234JH56hj^7 

 
In Ubuntu 16.x, link the directory /etc/openldap with /etc/ldap as follows

ln -s /etc/ldap /etc/openldap

 
 
4. Append 'ldap' to password,group & shadow in /etc/nsswitch.conf  
 

root@tech2:~# cat /etc/nsswitch.conf

# /etc/nsswitch.conf

#

# Example configuration of GNU Name Service Switch functionality.

# If you have the `glibc-doc-reference' and `info' packages installed, try:

# `info libc "Name Service Switch"' for information about this file.

 

passwd:         compat  ldap   

group:          compat  ldap

shadow:         compat  ldap

 

hosts:          files mdns4_minimal [NOTFOUND=return] dns

networks:       files

 

protocols:      db files

services:       db files

ethers:         db files

rpc:            db files

 

netgroup:       nis

 
     Refer the above video for more information
 
5.  Enable autocreate home directory on login by adding the following to /etc/pam.d/common-session by the following command

echo "session optional pam_mkhomedir.so skel=/etc/skel umask=077" >> /etc/pam.d/common-session

  
6. Restart  nscd service

service nscd restart  

Ensure the login shell of ldap user is /usr/local/bin/ezsh  

 
Now run the id / finger command and see whether you are able get LDAP user details

[root@jumpserver ~]# finger jake

Login: jake           Name: franc t

Directory: /home/jake     Shell: /usr/local/bin/ezsh

Last login Wed Jun 13 05:02 (EDT) on pts/1 from 10.1.1.13

No mail.

No Plan.

[root@jumpserver ~]# id jake

uid=1547601108(franc) gid=1547600513(domain users) groups=1547600513(domain users) 

 

Run an ldapsearch to check the values returned from your AD server as follows. This is used for troubleshooting.

[root@75 home]# ldapsearch -x -LLL -E pr=200/noprompt -h 10.11.1.164 -D "administrator@ad2016.admod.net" -w admod_2016 -b "cn=jake,cn=users,dc=ad2016,dc=admod,dc=net"

 

dn: CN=jake,CN=Users,DC=ad2016,DC=admod,DC=net

 

objectClass: top

 

objectClass: person

 

objectClass: organizationalPerson

 

objectClass: user

 

cn: jake

 

givenName: jake

 

distinguishedName: CN=jake,CN=Users,DC=ad2016,DC=admod,DC=net

 

instanceType: 4

 

whenCreated: 20180703063304.0Z

 

whenChanged: 20180703063554.0Z

 

displayName: jake

 

uSNCreated: 45128

 

uSNChanged: 45136

 

name: jake

 

objectGUID:: ldpkFlnRs0O6irphlTq1AA==

 

userAccountControl: 512

 

badPwdCount: 0

 

codePage: 0

 

countryCode: 0

 

badPasswordTime: 0

 

lastLogoff: 0

 

lastLogon: 0

 

pwdLastSet: 131750731848783837

 

primaryGroupID: 513

 

objectSid:: AQUAAAAAAAUVAAAAmhs/bgMv2mlWATm4VQQAAA==

 

accountExpires: 9223372036854775807

 

logonCount: 0

 

sAMAccountName: jake

 

sAMAccountType: 805306368

 

userPrincipalName: jake@ad2016.admod.net

 

objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad2016,DC=admod,DC=net

 

dSCorePropagationData: 16010101000000.0Z

 

uidNumber: 10001

 

gidNumber: 12000

 

unixHomeDirectory: /home/jake

 

loginShell: /usr/local/bin/ezsh

# pagedresults: cookie= 

 
Posted by: - Fri, Feb 23, 2018 at 12:28 AM. This article has been viewed 3924 times.
Filed Under: Tweaks & Configuration
5 (1)
Article Rating (1 Votes)
Rate this article
    Attached Files
    There are no attachments for this article.
    Related Articles RSS Feed
    Will Ezeelogin work behind a firewall or NAT or behind a Proxy?
    Viewed 6649 times since Sat, Jul 8, 2017
    cron for changing root passwords on servers periodically
    Viewed 3526 times since Thu, Jun 15, 2017
    Configure Ezeelogin to authenticate using Windows_AD / OpenLDAP (Pam-Ldap) in Debian?
    Viewed 174 times since Fri, Dec 4, 2020
    How to add ssh public key for passwordless authentication in ssh
    Viewed 3724 times since Fri, Sep 1, 2017
    Setting to be changed when sshd is listening on a custom port instead of default port in the ssh jumphost server
    Viewed 1965 times since Sat, Mar 10, 2018
    Setting session time out for the webinterface
    Viewed 3705 times since Wed, Jun 14, 2017
    Add a server using ssh key pair in ezeelogin
    Viewed 1730 times since Fri, Mar 22, 2019
    add amazon ec2 in jump server or aws jumpbox
    Viewed 4387 times since Tue, May 8, 2018
    Setting in web panel when SSH Daemon is listening on non standard ports.
    Viewed 2333 times since Thu, Dec 21, 2017
    Integrate OpenLdap / Windows Active Directory ( AD ) authentication in ezeelogin jump server (Centos &Ubuntu)
    Viewed 8409 times since Thu, Jun 15, 2017