8 LDAP user visibility

Linux can use NSS (Name Service Switch) to identify users as an alternative to the files in /etc. In fact, most modern distributions use NSS from the start. The file “/etc/nsswitch.conf” specifies how names are looked up. A stock installation specifies that local files will be used to get the information for passwd, shadow and group.

On a client (which can be the same machine running the server), install ldap-utils. Next, if the client and the server are different machines, copy “/etc/ldap/ldap.conf” from the server (verified to be functional!) to the client machine.

To add LDAP as an option to resolve names, you have to install the libnss-ldapd package. During installation, you will be asked how to contact the LDAP server. The most important questions are the URI of the server (10.0.2.20 in this module) and the distinguished name of the search base (“dc=test,dc=org” in this module). When asked about the LDAP database user, leave it empty. When asked “Name services to configure”, specify “group” (the default).

If these questions were not asked during installation, you can edit the file at “/etc/nss-ldapd.conf” (specify base and uri).

Next, edit “/etc/nsswitch.conf” to add ldap to the lines starting with passwd and group. The change should be immediate.

Because LDAP is a network service, lookups can be a little slow. You can optionally install nscd, a caching daemon, to speed them up.

Once NSS is configured to use LDAP, run the following command to confirm that the newbie entry from the LDAP tree is reported:

id newbie
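The steps above (set uri and base, add ldap to the passwd and group lines, then check the lookup) collected into a small POSIX shell script. This is an added example and not part of the module; the function names, the use of file paths as parameters, and the sample configuration contents are assumptions made so the edit can be rehearsed on copies before touching the real /etc files. It keeps “files” ahead of “ldap” so local accounts, root included, still resolve if the LDAP server is unreachable, and it refuses to add “ldap” twice if run again.

```shell
#!/bin/sh
# Added example, not from the original module. Hypothetical helper functions
# for enabling and verifying LDAP name resolution through NSS.

# Append "ldap" to the passwd and group lines of an nsswitch.conf unless it
# is already there. "files" stays first so local accounts keep resolving
# when the LDAP server is down.
enable_ldap_nss() {
    conf="$1"
    for db in passwd group; do
        if grep -qE "^$db:.*[[:space:]]ldap([[:space:]]|\$)" "$conf"; then
            continue   # already enabled, leave the line alone
        fi
        tmp="$conf.tmp"
        sed "s/^\($db:.*\)\$/\1 ldap/" "$conf" > "$tmp" && mv "$tmp" "$conf"
    done
}

# Return 0 when an nss-ldapd.conf carries both the server uri and the
# search base the module asks for, 1 otherwise.
check_nss_ldapd_conf() {
    conf="$1"
    grep -qE '^uri[[:space:]]+ldap://' "$conf" || return 1
    grep -qE '^base[[:space:]]+dc=' "$conf" || return 1
    return 0
}

# Resolve a user through NSS (getent and id both go through nsswitch.conf,
# they do not read /etc/passwd directly) and print its uid/gid membership.
verify_user() {
    user="$1"
    getent passwd "$user" >/dev/null || {
        echo "$user: not visible via NSS" >&2
        return 1
    }
    id "$user"
}
```

On the client the calls would be `check_nss_ldapd_conf /etc/nss-ldapd.conf`, `enable_ldap_nss /etc/nsswitch.conf` (as root) and then `verify_user newbie`; if nscd is installed, a stale negative cache can make `verify_user` fail until the cache expires or nscd is restarted.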