NOTE: This was done on Debian 5 Lenny. This does not apply to Squeeze. A new guide will be released shortly.

Generally your LDAP clients will connect to the LDAP server to get user details and to authenticate. A lot of people run the LDAP server and client on the same machine, which is probably your setup.
Here is how to install the necessary software and configure it so that your server can contact the LDAP server and users can authenticate with ease.

** If both server and client are same machine, use for the following questions regarding the hostname or url of the ldap db **

First get da stuff:
```
# apt-get install libnss-ldap libpam-ldap nscd
```

Here’s the answers for most (not all) the questions u cheater:

```
LDAP Account for root: cn=admin,dc=yourdomain,dc=com
Password: XXXX
Make local root database admin: yes
Database require logging in: No
Root login account: cn=admin,dc=yourshit,dc=net
Root login password: XXXX
```

**NOTE**: your admin account will be asked for twice, once from libnss and once from libpam

There are some files you should edit (some may already be populated correctly):


```
host ldap
base dc=domain,dc=com
rootbinddn cn=admin,dc=yourdomain,dc=com
```


```
host ldap
base dc=yourshit
rootbinddn cn=admin,dc=yourshit,dc=net
```

```
account sufficient < mainly you will just add this line.
account required
#if you want user homedir to be created on first login
#session required umask=0022 skel=/etc/skel/ silent
```


```
auth sufficient < just gonna need to add this. all following lines should already be in the file
auth required nullok_secure use_first_pass
```

```
password sufficient < again the following line should be there already
password required nullok obscure min=4 max=8 md5
```


```
session sufficient < should just have to add this.
session required
session optional
```

Now it's time to edit the nsswitch.conf file located in /etc/, adding “ldap” to only these three sections:

```
passwd: files ldap
group: files ldap
shadow: files ldap
```

This dictates where the OS will look to authenticate users: first at the local passwd file, then at the LDAP db.

One last thing to do is to edit the ldap.conf file in /etc/ldap/ (or /etc): uncomment BASE and enter your dc values, then add the line “bind_policy soft”.

Now just restart the nscd daemon:
```
# /etc/init.d/nscd restart
```

Your client is all set.
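
To confirm the last two edits landed as described, here is an added example (not part of the original guide) that checks nsswitch.conf lists files before ldap on exactly passwd, group and shadow, so local accounts are matched before LDAP entries of the same name, and that ldap.conf has BASE uncommented and bind_policy soft set. The function names and the sample file contents in demo are constructed for illustration.

```shell
# Added example: checks for the two files this guide edits last.
# check_nsswitch FILE: passwd, group and shadow must each list "files"
# before "ldap"; no other database may reference ldap.
check_nsswitch() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        sub(/#.*/, "")                       # drop trailing comments
        db = $1; sub(/:$/, "", db)
        files = 0; ldap = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "files" && !files) files = i
            if ($i == "ldap" && !ldap) ldap = i
        }
        if (db == "passwd" || db == "group" || db == "shadow") {
            seen[db] = 1
            if (!ldap) {
                print db ": ldap missing"; bad = 1
            } else if (!files || files > ldap) {
                print db ": files must precede ldap"; bad = 1
            }
        } else if (ldap) { print db ": unexpected ldap source"; bad = 1 }
    }
    END {
        n = split("passwd group shadow", want, " ")
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) { print want[i] ": entry missing"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# check_ldap_conf FILE: BASE must be uncommented and "bind_policy soft" set.
check_ldap_conf() {
    grep -Eiq '^[[:space:]]*BASE[[:space:]]+[^[:space:]]' "$1" ||
        { echo "BASE is not set"; return 1; }
    grep -Eiq '^[[:space:]]*bind_policy[[:space:]]+soft([[:space:]]|$)' "$1" ||
        { echo "bind_policy soft is missing"; return 1; }
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'passwd: files ldap' 'group: files ldap' \
        'shadow: files ldap' 'hosts: files dns' > "$d/nsswitch.conf"
    printf '%s\n' 'BASE dc=yourdomain,dc=com' 'bind_policy soft' > "$d/ldap.conf"
    check_nsswitch "$d/nsswitch.conf" && check_ldap_conf "$d/ldap.conf"
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "client files match the guide"
```

On a real client, call the two functions with the paths of the files you edited instead of running demo.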

Now mess around with the client. The first time you try this it may not work and throw back an error.
Try again and it should work. This was my experience with it.
This has been done on Debian Lenny in November of 2010.

Mario Loria is a builder of diverse infrastructure with modern workloads on both bare-metal and cloud platforms. He's traversed roles in system administration, network engineering, and DevOps.