Rather brief notes on getting LDAP auth running on a Debian server
Install dependencies
apt-get install libpam-ldap libnss-ldap
ldap-utils (for ldapsearch) is worth installing as well, so the server, base DN and TLS setup can be confirmed before NSS and PAM are pointed at them.
Debconf
The two packages prompt separately: libnss-ldap writes its answers to /etc/libnss-ldap.conf, libpam-ldap to /etc/pam_ldap.conf. Either can be replayed later with dpkg-reconfigure.
libnss-ldap:
LDAP server Uniform Resource Identifier: ldaps://10.179.43.21/
Distinguished name of the search base: dc=badwolf,dc=greenbeedigital,dc=com,dc=au
LDAP version to use: 3
Does the LDAP database require login? No
Special LDAP privileges for root? No
Make the configuration file readable/writeable by its owner only? No (fine only while no bind password is stored in the file; answer Yes if one ever is)
libpam-ldap:
Make local root Database admin. No
Does the LDAP database require login? No
Local crypt to use when changing passwords. crypt (hashes the new password on the client with crypt(3), a weak traditional hash; on OpenLDAP, exop is the better answer because the Password Modify extended operation lets the server store the hash in whatever scheme it is configured for)
/etc/libnss-ldap.conf (and /etc/pam_ldap.conf) modifications
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port (389), LDAPS typically 636
# The two are alternatives, not a pair: with the ldaps:// URI above use "ssl on",
# with a plain ldap:// URI use "ssl start_tls". If both lines are present only
# the last one takes effect.
ssl on
# Verify the server certificate; with tls_checkpeer off, anything answering on
# 10.179.43.21 gets every bind password.
tls_checkpeer yes
# Assumed path: the CA certificate that signed the server's certificate.
tls_cacertfile /etc/ssl/certs/ldap-ca.pem
/etc/ldap/ldap.conf modifications
BASE dc=badwolf,dc=greenbeedigital,dc=com,dc=au
URI ldaps://10.179.43.21/
# "TLS_REQCERT never" accepts any certificate, so a spoofed server would see
# the bind passwords in the clear. Demand a valid certificate and point
# TLS_CACERT at the CA that signed it (the path below is an assumed location).
# Because the URI uses an IP address rather than a hostname, the server
# certificate has to carry that IP as a subjectAltName for the check to pass.
TLS_CACERT /etc/ssl/certs/ldap-ca.pem
TLS_REQCERT demand
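The ssl and certificate-verification lines in the two files above are the ones that get hand-edited and then silently weaken the whole setup. The script below is an added check, not part of the original notes: it scans an LDAP client config (/etc/ldap/ldap.conf, /etc/libnss-ldap.conf or /etc/pam_ldap.conf) for disabled certificate verification, contradictory ssl lines and cleartext ldap:// URIs, and returns the number of findings as its exit status. The two sample files it creates are constructed for the demonstration; the first mirrors the contradictory ssl lines and disabled verification a hand-edited libnss-ldap.conf tends to collect, and the CA path in the second is an assumed location.

```shell
#!/bin/sh
# Added audit helper (not from the original notes): scan an LDAP client
# configuration for transport-security mistakes. Usage:
#   audit_ldap_tls_config FILE      -> exit status = number of findings

# conf_has FILE REGEX: true if an uncommented line matches REGEX (case-insensitive).
conf_has() {
    grep -Eiq "^[[:space:]]*$2" "$1"
}

audit_ldap_tls_config() {
    f="$1"
    n=0

    # 1. Certificate verification switched off. libldap: TLS_REQCERT never|allow;
    #    nss_ldap/pam_ldap: tls_checkpeer no. Either lets an on-path attacker
    #    impersonate the server and collect every bind password.
    if conf_has "$f" 'TLS_REQCERT[[:space:]]+(never|allow)([[:space:]]|$)' ||
       conf_has "$f" 'tls_checkpeer[[:space:]]+no([[:space:]]|$)'; then
        echo "$f: server certificate verification is disabled"
        n=$((n + 1))
    fi

    # 2. "ssl on" (LDAPS) and "ssl start_tls" are alternatives; with both
    #    present only the last occurrence takes effect.
    if conf_has "$f" 'ssl[[:space:]]+on([[:space:]]|$)' &&
       conf_has "$f" 'ssl[[:space:]]+start_tls([[:space:]]|$)'; then
        echo "$f: both 'ssl on' and 'ssl start_tls' set; keep the one matching the URI scheme"
        n=$((n + 1))
    fi

    # 3. ldaps:// URI combined with start_tls: STARTTLS on a port that already
    #    speaks TLS never negotiates.
    if conf_has "$f" 'uri[[:space:]]+ldaps://' &&
       conf_has "$f" 'ssl[[:space:]]+start_tls([[:space:]]|$)'; then
        echo "$f: ldaps:// URI with 'ssl start_tls'; use 'ssl on' for LDAPS"
        n=$((n + 1))
    fi

    # 4. Plain ldap:// URI and no start_tls: binds cross the wire in cleartext.
    if conf_has "$f" 'uri[[:space:]]+ldap://' &&
       ! conf_has "$f" 'ssl[[:space:]]+start_tls([[:space:]]|$)'; then
        echo "$f: ldap:// URI without 'ssl start_tls'; passwords would be sent in cleartext"
        n=$((n + 1))
    fi

    return "$n"
}

# Constructed sample files (not copied from a real host): the first carries the
# mistakes a hand-edited libnss-ldap.conf tends to collect, the second is a
# hardened version. The CA path is an assumed location.
WORK=$(mktemp -d)
cat > "$WORK/insecure.conf" <<'EOF'
uri ldaps://10.179.43.21/
base dc=badwolf,dc=greenbeedigital,dc=com,dc=au
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
ssl on
tls_checkpeer no
EOF
cat > "$WORK/hardened.conf" <<'EOF'
uri ldaps://10.179.43.21/
base dc=badwolf,dc=greenbeedigital,dc=com,dc=au
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ldap-ca.pem
EOF

for c in "$WORK/insecure.conf" "$WORK/hardened.conf"; do
    if audit_ldap_tls_config "$c"; then
        echo "$c: no transport-security findings"
    fi
done
rm -rf "$WORK"
```

Run it against the real files (audit_ldap_tls_config /etc/ldap/ldap.conf, and so on) after editing and again after any dpkg-reconfigure, since the debconf step rewrites the nss and pam files. The checks are deliberately line-anchored so commented-out settings are ignored; a nonzero exit means something to fix before the box goes into service.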
/etc/nsswitch.conf modifications
passwd: files ldap
group: files ldap
Check with "getent passwd <an LDAP user>" before touching PAM, so a broken NSS lookup is not mistaken for a PAM problem.
/etc/pam.d/common-auth modifications
Debian regenerates the common-* files with pam-auth-update, and libpam-ldap ships a profile for it, so running pam-auth-update and enabling LDAP Authentication is the supported way to get equivalent stacks; the hand edits below may be overwritten the next time it runs.
# Try the local password first; on success jump over pam_ldap straight to pam_permit.
auth [success=1 default=ignore] pam_unix.so nullok_secure
# use_first_pass reuses the password already typed, so the user is prompted once.
auth required pam_ldap.so use_first_pass
auth required pam_permit.so
/etc/pam.d/common-account modifications
account sufficient pam_unix.so
account required pam_ldap.so
/etc/pam.d/common-session modifications
session required pam_unix.so
# umask=0022 leaves every newly created home directory world-readable; umask=0077 keeps it private to its owner.
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022