openldap client configuration LAB 9.5

k0dard

Hello,

I'm stuck with openldap client configuration and I would really appreciate if someone could help me

I have two VMs, one is turnkey-openldap server (suggested in the lab) and the other is ubuntu 18.04

I've followed the steps in the lab, with some minor problems that I overcame while configuring the openldap server (I couldn't add group.ldif because there was no ou Group available so I created it)

Also please note that my domain is zvezdara.lokal instead of example.com

Here is the output of ldapsearch -H ldap://192.168.122.252 -D cn=admin,dc=zvezdara,dc=lokal -x -W -b dc=zvezdara,dc=lokal ran from the client VM:

# extended LDIF
#
# LDAPv3
# base <dc=zvezdara,dc=lokal> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# zvezdara.lokal
dn: dc=zvezdara,dc=lokal
objectClass: top
objectClass: dcObject
objectClass: organization
o: Zvezdara
dc: zvezdara

# admin, zvezdara.lokal
dn: cn=admin,dc=zvezdara,dc=lokal
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9WUF4aFhjM0JkRHlxRnpEK2UzbTFZMG02bDR1L3JnSDI=

# luser1, zvezdara.lokal
dn: cn=luser1,dc=zvezdara,dc=lokal
uid: luser1
cn: luser1
givenName: luser1
sn: linux
homeDirectory: /home/users/luser1
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uidNumber: 999001
gidNumber: 999001
userPassword:: e1NTSEF9Ukt1dXBWUnp5SjhEWkkrUVQ4cXVsVms3UkZud1hUZjIgICA=

# Groups, zvezdara.lokal
dn: ou=Groups,dc=zvezdara,dc=lokal
objectClass: organizationalUnit
objectClass: top
ou: Groups

# luser1, Groups, zvezdara.lokal
dn: cn=luser1,ou=Groups,dc=zvezdara,dc=lokal
cn: luser1
objectClass: posixGroup
objectClass: top
gidNumber: 999001
memberUid: luser1

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5

So server seems to show user luser1

On the client VM I've installed sssd sssd-ldap ldap-utils oddjob-mkhomedir and I've created /etc/sssd/conf.d/00-sssd.conf

[sssd]
config_file_version = 2
domains = zvezdara.lokal
services = nss, pam, autofs

[domain/zvezdara.lokal]
enumerate = true
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://192.168.122.252/
ldap_search_base = dc=zvezdara,dc=lokal
ldap_id_use_start_tls = true
cache_credentials = True
ldap_tls_reqcert = allow

and added a line session optional pam oddjob mkhomedir.so into /etc/pam.d/common-session.conf

However, after restarting sssf and oddjobd and issuing getent passwd luser1 I don't get anything in response

What am I missing ?

The one potentially problematic thing is that in the lab these steps are written for Ubuntu 20.01 and I'm running Ubuntu 18.04.

k0dard

OK, in the meantime I've found the solution.

The configuration for Ubuntu 18.04 client is completely different

I followed this guide https://blogging.dragon.org.uk/installing-ldap-on-ubuntu-18-04/ and now it works like charm