How to add ldap authentication to Debian server. It suppose that a running ldap server is running and that the ldap tree is filled correctly with account informations.

libnss-ldapd installation

The client need the libnss-ldapd package that is a fork of the historical libnss-ldap for better efficiency

# apt-get install libnss-ldapd

For the configuration it ask the following information:

  • URI of the LDAP server. better as an IP to prevent any DNS resolution problem
  • The root base where to look for the information (DN)
  • The name services to configure: aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc,services, shadow. for LDAP authentication group, passwd and shadow should be selected.

Set identification credential for LDAP connexion

If the connexion to the LDAP server need an authentication you can specify it in the /etc/nslcd.conf file by uncommenting and adjusting the following variables:

binddn cn=nss,dc=example,dc=com
bindpw my_password

After modification, restart nslcd service:

# /etc/init.d/nslcd restart


To test if it is working, we need to ask for information that are store locally and in the LDAP server. To get information about account we need to use the getent command followed by the name of the database we want to retrieve.

For example to retrieve all the content of the passwd database we use the following command:

$ getent passwd

It should show entries that are present on the local database but also in the LDAP directory.

We can also limit to a particular entry, like root account:

# getent passwd root

And here for root group:

# getent group root

Home directory creation

The creation of the home directory is normally done when creating the user. However for LDAP user they might not have been created on the current system and therefore did not have any home directory. If you want that it is created automatically at the connexion of the user if it does not exist you need to edit the /etc/pam.d/common-session file and add at the end the following line:

session required skel=/etc/skel