🛡️ Complete Guide: LDAP Configuration with DNS, SSH & FTP on Debian

In this guide, we’ll walk through setting up an LDAP server with client authentication over a secure Debian infrastructure, complete with DNS resolution, SSH login, and FTP access.

🌐 Prerequisites

Domain: server.local
LDAP Server IP: 192.168.29.237
LDAP Client IP: 192.168.29.22
Use static IP addresses on both server and client.

📌 Step 1: Update Hostname

On the LDAP server:

hostnamectl set-hostname ns.server.local
reboot

🔧 DNS Configuration

DNS is essential for resolving hostnames like server.local and ldap.server.local.

1️⃣ Install DNS Packages

apt install bind9 dnsutils

2️⃣ Define the DNS Zone

Edit:

vim /etc/bind/named.conf.local

3️⃣ Create Forward Zone File

mkdir /etc/bind/zones
vim /etc/bind/zones/forward.server.local

server.local. IN A 192.168.29.237
ldap.server.local. IN A 192.168.29.237

4️⃣ Update `/etc/hosts` (Optional)

vim /etc/hosts

192.168.29.237 server.local ldap.server.local

5️⃣ Restart DNS Service

systemctl restart bind9
systemctl enable named.service

6️⃣ Test DNS Resolution

nslookup server.local 192.168.29.237
nslookup ldap.server.local 192.168.29.237

7️⃣ Configure `resolv.conf`

vim /etc/resolv.conf

nameserver 192.168.29.237

✅ DNS is ready!

📂 LDAP Server Setup

1️⃣ Install Required Packages

apt install slapd ldap-utils

2️⃣ Configure LDAP Server

dpkg-reconfigure slapd

Sample answers:

Omit OpenLDAP server configuration? → No
DNS Domain Name → server.local
Organization name → server
Administrator Password → 123
Confirm Password → 123
Do you want the database removed when slapd is purged? → No
Move old database? → Yes

3️⃣ Edit LDAP Config

vim /etc/ldap/ldap.conf

BASE dc=server,dc=local
URI ldap://ldap.server.local

✅ LDAP Sanity Checks

Run:

ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
ldapsearch -x -LLL -H ldap:/// -b dc=server,dc=local dn
ldapwhoami -x
ldapwhoami -x -D cn=admin,dc=server,dc=local -W
ldapwhoami -Y EXTERNAL -H ldapi:/// -Q

4️⃣ Create Users Using `users.ldif`

Generate password:

slappasswd

Sample hashed output:

{SSHA}D88BroZNxE34q7ERv9fq6VVDSQ98xYWS

Create and edit:

vim users.ldif

Add organizational units and users.

5️⃣ Add Users to LDAP

ldapadd -x -D cn=admin,dc=server,dc=local -W -f users.ldif

Verify:

ldapsearch -x -LLL -b dc=server,dc=local '(uid=ankit)' cn gidNumber

6️⃣ Set LDAP Password for Users

ldappasswd -x -D cn=admin,dc=server,dc=local -W -S uid=ankit,ou=people,dc=server,dc=local

🔐 PAM & NSS Configuration

7️⃣ Edit PAM Auth

vim /etc/pam.d/common-auth

Add:

auth sufficient pam_ldap.so

8️⃣ Enable Home Dir Creation

vim /etc/pam.d/common-session

Add:

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

9️⃣ Install NSS & PAM Modules

apt install nslcd libpam-ldapd

During setup, use:

URI: ldap://ldap.server.local
Base DN: dc=server,dc=local

🔟 Configure Admin Binding

vim /etc/nslcd.conf

Add:

binddn cn=admin,dc=server,dc=local
bindpw 123

Restart:

systemctl restart nslcd.service

✅ LDAP authentication is now active!

🧪 Test LDAP User

getent passwd ankit
id ankit

🖥️ LDAP Client Configuration

1️⃣ Install LDAP Client Tools

apt install libnss-ldapd libpam-ldapd ldap-utils

2️⃣ Enable Home Directory Creation

vim /etc/pam.d/common-session

Add:

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

3️⃣ Login as LDAP User

su - ankit

If /home/ankit is created — success!

🧩 Enable SSH Access for LDAP Users

1️⃣ SSHD Config Update

vim /etc/ssh/sshd_config

Ensure:

UsePAM yes

2️⃣ Restart SSH

systemctl restart sshd

3️⃣ SSH Login Test

ssh ankit@192.168.29.237

🌐 FTP Integration with LDAP

1️⃣ Install FTP Server

apt install vsftpd

2️⃣ Configure PAM for vsftpd

vim /etc/pam.d/vsftpd

Add:

auth required pam_ldap.so
account required pam_ldap.so
session required pam_loginuid.so

3️⃣ vsftpd Main Config

vim /etc/vsftpd.conf

Set:

local_enable=YES
write_enable=YES
pam_service_name=vsftpd

4️⃣ Restart FTP Service

systemctl restart vsftpd

5️⃣ FTP Client Install

apt install ftp

6️⃣ Test FTP Login (Client Side)

ftp 192.168.29.237

🎉 Conclusion

With this configuration:

✅ LDAP users are authenticated system-wide
✅ DNS resolves correctly
✅ SSH access is LDAP-enabled
✅ FTP works securely via LDAP

Now your Debian infrastructure is centralized, secure, and efficient.

FilesExpand file tree

Complete Guide: LDAP Configuration with DNS, SSH & FTP on Debian.md

Latest commit

History

Complete Guide: LDAP Configuration with DNS, SSH & FTP on Debian.md

File metadata and controls

🌐 Prerequisites

📌 Step 1: Update Hostname

🔧 DNS Configuration

1️⃣ Install DNS Packages

2️⃣ Define the DNS Zone

3️⃣ Create Forward Zone File

4️⃣ Update /etc/hosts (Optional)

5️⃣ Restart DNS Service

6️⃣ Test DNS Resolution

7️⃣ Configure resolv.conf

📂 LDAP Server Setup

1️⃣ Install Required Packages

2️⃣ Configure LDAP Server

3️⃣ Edit LDAP Config

✅ LDAP Sanity Checks

4️⃣ Create Users Using users.ldif

5️⃣ Add Users to LDAP

6️⃣ Set LDAP Password for Users

🔐 PAM & NSS Configuration

7️⃣ Edit PAM Auth

8️⃣ Enable Home Dir Creation

9️⃣ Install NSS & PAM Modules

🔟 Configure Admin Binding

🧪 Test LDAP User

🖥️ LDAP Client Configuration

1️⃣ Install LDAP Client Tools

2️⃣ Enable Home Directory Creation

3️⃣ Login as LDAP User

🧩 Enable SSH Access for LDAP Users

1️⃣ SSHD Config Update

2️⃣ Restart SSH

3️⃣ SSH Login Test

🌐 FTP Integration with LDAP

1️⃣ Install FTP Server

2️⃣ Configure PAM for vsftpd

3️⃣ vsftpd Main Config

4️⃣ Restart FTP Service

5️⃣ FTP Client Install

6️⃣ Test FTP Login (Client Side)

🎉 Conclusion

4️⃣ Update `/etc/hosts` (Optional)

7️⃣ Configure `resolv.conf`

4️⃣ Create Users Using `users.ldif`