Install and configure LDAP client on Ubuntu 

Please attempt to setup SSSD client first. LDAP Client setup will be for older OSes. 

1. Install LDAP client utilities on the Ubuntu client: 

sudo apt -y install libnss-ldap libpam-ldap ldap-utils

2. Enter LDAP URI - This information can be the IP address or hostname of the ldap server: 

ldap://ma1prdldap01.stratus.com

3. Set the search base DN:

dc=sraeng,dc=com

 4. Select LDAP version 3: 

3

 5. Select 'YES' for 'Make local root Database admin' : 

Yes

 6. Answer 'No' for 'Does the LDAP database require login?':  

No

7. Set LDAP root DN: 

cn=admin,dc=sraeng,dc=com

8. Enter the password root DN (secret):

**********

9. After the installation, edit '/etc/nsswitch.conf' and add ldap authentication to 'passwd' and ‘group’ lines

passwd: compat systemd ldap
group: compat systemd ldap
shadow: compat

10. Modify '/etc/pam.d/common-password'. Remove use_authok on line 26, the line should look like this: 

#
# /etc/pam.d/common-password - password-related modules common to all
services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords. The default is pam_unix.
# Explanation of pam_unix options:
# The "yescrypt" option enables
#hashed passwords using the yescrypt algorithm, introduced in Debian
Modify '/etc/pam.d/common-session' to enable the creation of home directory on first login. Add
the line: 'session optional pam_mkhomedir.so skel=/etc/skel umask=077'
#11. Without this option, the default is Unix crypt. Prior releases
#used the option "sha512"; if a shadow password hash will be shared
#between Debian 11 and older releases replace "yescrypt" with "sha512"
#for compatibility . The "obscure" option replaces the old
#`OBSCURE_CHECKS_ENAB' option in login.defs. See the pam_unix manpage
#for other options.
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
password [success=2 default=ignore] pam_unix.so obscure yescrypt
password [success=1 user_unknown=ignore default=die] pam_ldap.so
try_first_pass
# password [success=1 user_unknown=ignore default=die] pam_ldap.so
use_authtok try_first_pass
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config 

11. Modify '/etc/pam.d/common-session' to enable the creation of home directory on first login. Add the line:

session optional pam_mkhomedir.so skel=/etc/skel umask=077
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of interactive sessions.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions
etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_ldap.so
session optional pam_systemd.so
session optional pam_mkhomedir.so skel=/etc/skel umask=077
# end of pam-auth-update config