Ubuntu – ssh login with multiple LDAP bases

domainldapnsssshUbuntu

I have an OpenLDAP directory with two different doamins (DN's)
What I would like to do is allow the users to access the machines with ssh and their LDAP account. This worked fine when I only had one Directory in LDAP, but I am not able to get it working with two directories.

I've searched and tried for an solution, without any luck. Is anyone able to help me with this? I've tried to add a second base to /etc/libnss-ldap.conf but it does only allows for me lookup entries in the latter LDAP directory.

Best Answer

If you use nslcd you can have multiple entries in nslcd.conf for base.

man nscld.conf:

   base [MAP] DN
          Specifies  the  base distinguished name (DN) to use as search base.  This option may be supplied multiple times and all specified bases will
          be searched.

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Linux ldap authentication, pam_filter ignored

Ok, the solution was to use

nss_base_passwd ou=people,dc=rwth-cbmb,dc=de??ou=linux

in /etc/ldap.conf on the client. According to documentation:

Syntax:

nss_base_XXX base?scope?filter

I don't know why pam_filter doesn't work, but nss_* solves the problem.

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

Linux ldap authentication, pam_filter ignored

Related Topic