Introduction
This article shows you how you can configure a Debian Linux operating system so that you can log into your Linux computer using LogonBox Directory credentials.
If you have not installed LogonBox Directory, now is the time to do so. This discussion assumes you have a server installed, configured, and ready to go with users waiting to log into Linux.
Before you head off configuring Debian to connect to your directory, there are a few values you will need to jot down. These are:
Directory Hostname
This will be the FQDN of your LogonBox Directory. This hostname must be resolvable from each client you want to log in from. If your users will be accessing the directory via the Internet, then make sure you have firewalled and port-forwarded the directory from your public hostname/IP address.
Directory LDAP DN
The LDAP Distinguished Name is a uniquely formatted string that identifies an entry in the directory. You will need to know the root DN of your server. If you have not changed this, then it will be dc=System,dc=local.
Directory LDAP Port
Unless you have changed the default LDAPS interface, the port value will be 636 for the ldaps:// protocol.
Service Account
You will need an account that has permission to search the LDAP. We recommend creating a specific user with a minimal set of permissions. See our Creating a Service Account article for more information.
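Before touching PAM or NSS it is worth confirming that the four values above are well formed and that the service account can actually bind and search over LDAPS. The following pre-flight script is an added example, not LogonBox tooling; it assumes ldap-utils is installed on the client, that the directory answers ldaps:// on the port you noted (636 by default), and that the DN components are written in lower case as in the defaults above.

```shell
#!/bin/sh
# Pre-flight check for the values needed to join Debian to LogonBox Directory.
# Added example (not part of the LogonBox article); assumes ldap-utils is
# installed and the directory speaks ldaps:// on the given port.

# Return 0 if $1 looks like a fully qualified hostname: two or more labels of
# letters, digits and hyphens. Bare names and URLs (ldaps://host) are rejected.
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
}

# Return 0 if $1 is a syntactically plausible DN: comma-separated attr=value
# pairs such as cn=serviceAccount,cn=Users,dc=System,dc=local.
is_dn() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9-]*=[^,=]+(,[A-Za-z][A-Za-z0-9-]*=[^,=]+)*$'
}

# Return 0 if $1 is a valid TCP port number (1-65535).
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Strip leading non-dc components from a DN so the root DN can be derived
# from the service account DN (assumes lower-case "dc=" components).
base_dn_of() {
    dn=$1
    while [ -n "$dn" ] && [ "${dn#dc=}" = "$dn" ]; do
        case "$dn" in
            *,*) dn=${dn#*,} ;;
            *)   dn='' ;;
        esac
    done
    printf '%s\n' "$dn"
}

# Bind as the service account over LDAPS and read the root entry. Success
# proves the hostname resolves, the port is reachable, this client trusts the
# server certificate, and the account's password and search permission work.
# The password is prompted for (-W) so it never appears on the command line.
check_bind() {
    host=$1; port=$2; base=$3; account=$4
    getent hosts "$host" >/dev/null || { echo "cannot resolve $host" >&2; return 1; }
    ldapsearch -H "ldaps://$host:$port/" -D "$account" -W -b "$base" -s base '(objectClass=*)' dn
}

# Usage: sh preflight.sh <hostname> <ldaps-port> <base-dn> <service-account-dn>
preflight() {
    is_fqdn "$1" || { echo "hostname '$1' is not an FQDN" >&2; return 1; }
    is_port "$2" || { echo "port '$2' is not a valid port" >&2; return 1; }
    is_dn "$3"   || { echo "base DN '$3' is malformed" >&2; return 1; }
    is_dn "$4"   || { echo "service account DN '$4' is malformed" >&2; return 1; }
    [ "$(base_dn_of "$4")" = "$3" ] || echo "warning: service account is not under base DN $3" >&2
    check_bind "$1" "$2" "$3" "$4"
}

# Only run the live check when all four values are supplied.
if [ $# -eq 4 ]; then
    preflight "$@"
fi
```

Run it as sh preflight.sh directory.example.com 636 dc=System,dc=local cn=serviceAccount,cn=Users,dc=System,dc=local and enter the service account password when asked. A certificate error at the ldapsearch step means the client does not trust the directory's certificate, which will also break the LDAPS bind later, so resolve it here rather than after PAM is reconfigured.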
Debian system configuration
1. Installing the LDAP client
We first need to install the LDAP client and the other utilities required for LDAP to work with Debian 10. This can be done with the following command from a terminal prompt (confirm with Y):
sudo apt install libnss-ldap libpam-ldap ldap-utils
At the LDAP server URI prompt that appears, enter ldap:// followed by the LogonBox Directory hostname and press enter.
Now enter the DN noted earlier to define the Base DN of the system and press enter (e.g. dc=System,dc=local).
For the LDAP version, select 3 and press enter to continue.
Now enter the DN for the service account which will be used to access the LogonBox Directory for authentications and press enter.
If using the default settings, this will be something like cn=serviceAccount,cn=Users,dc=System,dc=local
Now type in the password for the service account and press enter.
For the basic LDAP services to function properly, the installer recommends removing the default entries from the configuration file. Accept this by pressing enter.
We will add the required LDAP entries to this config file later.
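When the same join has to be repeated on many clients, the prompts above can be answered in advance through debconf instead of typing them at each install. The script below is an added example and not LogonBox documentation. The debconf question names are assumed from the Debian libnss-ldap and libpam-ldap templates; before relying on them, run one client through the interactive install and compare with sudo debconf-get-selections | grep -E 'ldapns|libnss-ldap|libpam-ldap' (debconf-get-selections is in the debconf-utils package). It deliberately uses ldaps:// with the 636 port noted earlier, so the service account password is not sent in clear over a plain ldap:// connection.

```shell
#!/bin/sh
# Non-interactive version of the libnss-ldap/libpam-ldap prompts.
# Added example, not part of the LogonBox article. The debconf keys below
# are an assumption based on the Debian package templates; verify them with
# "debconf-get-selections" on a host that was installed interactively.

# Emit debconf answers for the given directory host, LDAPS port, base DN,
# service account DN and password (the values the prompts ask for).
preseed_answers() {
    host=$1; port=$2; base=$3; binddn=$4; bindpw=$5
    cat <<EOF
libnss-ldap shared/ldapns/ldap-server string ldaps://$host:$port/
libnss-ldap shared/ldapns/base-dn string $base
libnss-ldap shared/ldapns/ldap_version select 3
libnss-ldap libnss-ldap/dblogin boolean true
libnss-ldap libnss-ldap/binddn string $binddn
libnss-ldap libnss-ldap/bindpw password $bindpw
libpam-ldap libpam-ldap/dblogin boolean true
libpam-ldap libpam-ldap/binddn string $binddn
libpam-ldap libpam-ldap/bindpw password $bindpw
EOF
}

# Load the answers into debconf from a mode-0600 temporary file (the password
# must not sit in a world-readable file or on a command line), then install
# without prompting. The temporary file is removed whatever happens.
install_ldap_client() {
    umask 077
    tmp=$(mktemp) || return 1
    trap 'rm -f "$tmp"' EXIT
    preseed_answers "$@" > "$tmp"
    debconf-set-selections "$tmp" || return 1
    DEBIAN_FRONTEND=noninteractive apt-get install -y libnss-ldap libpam-ldap ldap-utils
}

# Usage (as root):
#   sh preseed-ldap.sh directory.example.com 636 dc=System,dc=local \
#       cn=serviceAccount,cn=Users,dc=System,dc=local 'service-account-password'
if [ $# -eq 5 ]; then
    install_ldap_client "$@"
fi
```

The password still ends up in the debconf database and in the files the packages write, so treat the client's root filesystem as holding a directory credential: this is another reason the service account should carry only the search permission it needs, as recommended above.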