LDAP Client Authentication to Domino LDAP (Ubuntu 8.x or 9.x)

Mindwatering Incorporated

Author: Tripp W Black

Created: 06/12/2009 at 12:31 PM

 

Category:
Ubuntu
Domino, SMB

Instructions for setting up Lotus Domino as an LDAP authentication server for Ubuntu clients or Ubuntu servers.

1. Do the standard LDAP setup in Domino in an Internet Site document.

2. On the Ubuntu client, install the following packages.
(The installer automatically runs the configuration afterwards.)

sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db

3. Follow the prompts in the configuration screens afterwards.
  • The address of the LDAP server used.
    You can also use a fully qualified domain name here. For example: ldap.mw.local
  • The distinguished name of the search base.
    For example o=mindwatering
  • The LDAP version to use.
    3.
  • If your database requires logging in.
    Yes, enter an account which has at least read access to names.nsf and any secondary directory assistance databases in use.
    For example cn=ldap user,o=mindwateringdomain
  • If you want to make configuration readable/writeable by owner only.
    The answer to this should be no.
  • A dialog is displayed explaining that it cannot manage nsswitch.conf automatically. Just select OK.
  • If you want the local root to be the database admin.
    You would usually choose yes here.
  • Again, if your database requires logging in.
    Yes, enter an account which has at least read access to names.nsf and any secondary directory assistance databases in use.
    For example cn=ldap user,o=mindwateringdomain
  • Your root login account.
    For example: cn=ldap manager,o=mindwateringdomain
  • Your root password.
  • Afterwards, a dialog explains the different encryption methods and asks which one to use before sending your password. exop is usually a good choice.
    (Note: I did not get this if I entered the server with an ldaps:// instead of ldap://.)

    To change your mind and re-run the wizard:
    sudo dpkg-reconfigure ldap-auth-config

Test using ldapsearch from the Ubuntu client workstation or server.
Version using -H (instead of specifying -h and -p) to return the entire tree:
$ ldapsearch -H ldaps://appserver.mindwatering.net:636 -x -D "CN=ldap username/o=mindwateringdomain" -W

Version to return just entries under the domain:
$ ldapsearch -H ldaps://appserver.mindwatering.net:636 -x -D "CN=ldap username/o=mindwateringdomain" -b "o=mindwateringdomain" -W
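
To check what the wizard in step 3 actually wrote on the client, the following script is an added example (not part of the original page). It assumes the configuration is in /etc/ldap.conf and uses the pam_ldap/nss_ldap keys uri, base, ldap_version, bindpw and pam_password; none of these names appear on the page.

```shell
#!/bin/sh
# Added example: audit the client config produced by the wizard above.
# Assumptions (not from the page): the file is /etc/ldap.conf and uses the
# pam_ldap/nss_ldap keys uri, base, ldap_version, bindpw and pam_password.

# conf_get KEY FILE: value of the first uncommented "KEY value" line.
conf_get() {
    awk -v k="$1" 'tolower($1) == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$2"
}

# audit_ldap_conf FILE: one finding per line; returns 1 if any WARN was printed.
audit_ldap_conf() {
    f="$1"; rc=0
    [ -r "$f" ] || { echo "WARN cannot read $f"; return 1; }

    uri=$(conf_get uri "$f")
    case "$uri" in
        ldaps://*) echo "OK   uri uses LDAPS: $uri" ;;
        *) echo "WARN uri is not ldaps:// (found: ${uri:-none})"; rc=1 ;;
    esac

    ver=$(conf_get ldap_version "$f")
    if [ "$ver" = "3" ]; then echo "OK   ldap_version 3"
    else echo "WARN ldap_version is '${ver:-unset}', expected 3"; rc=1; fi

    base=$(conf_get base "$f")
    if [ -n "$base" ]; then echo "OK   search base: $base"
    else echo "WARN no search base set"; rc=1; fi

    pw=$(conf_get pam_password "$f")
    if [ "$pw" = "exop" ]; then echo "OK   pam_password exop"
    else echo "NOTE pam_password is '${pw:-unset}' (the page suggests exop)"; fi

    # Answering "no" to owner-only leaves the file world-readable; if it also
    # holds bindpw, every local user can read that account's password.
    other_r=$(ls -ld "$f" | cut -c8)
    if [ -n "$(conf_get bindpw "$f")" ] && [ "$other_r" = "r" ]; then
        echo "WARN bindpw is readable by all local users; keep that account read-only"
        rc=1
    fi
    return $rc
}

# Run against a file when one is given: sh audit.sh /etc/ldap.conf
if [ "$#" -gt 0 ]; then audit_ldap_conf "$1"; fi
```

A WARN on bindpw is expected when the owner-only question was answered no; it is a reminder that the bind account should have read access only, as the step above describes.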



    See:
https://help.ubuntu.com/community/LDAPClientAuthentication
