Introduction: Make Raspberry Pi Do LDAP Authentication

Introduction

By default, a Raspberry Pi authenticates users against its local password file (/etc/passwd). If I have more than one Raspberry Pi, I have to manage more than one password file. Can I avoid this?

Solution

Configure each Raspberry Pi to look up user accounts and passwords on a remote LDAP server and authenticate against it.

Scope

This instructable will show how to:

  • Install LDAP authentication related packages
  • Configure LDAP authentication
  • Test

This instructable will NOT show how to:

Make a Raspberry Pi into an LDAP server

References

TheUrbanPenguin LDAP video

Ubuntu LDAP guide

Debian LDAP guide

Pre-requisite

  • There must be another remote Raspberry Pi that runs an LDAP server with a user account database
  • The two Raspberry Pi devices are connected to the same network

Environment

The following is information about my Raspberry Pi (output of lsb_release -a and uname -a):

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 7.8 (wheezy)
Release: 7.8
Codename: wheezy

Linux raspberrypi 3.18.7+ #755 PREEMPT Thu Feb 12 17:14:31 GMT 2015 armv6l GNU/Linux

Step 1: Configure Domain Name of Raspberry Pi

Open Terminal Emulator in Raspberry Pi

sudo vi /etc/hostname

Enter:

ldapclient.example.com

Save the file

Step 2: Configure Raspberry Pi to Display Login Menu

Complete "Step 1" in my "Make Raspberry Pi a Multi-User Desktop" instructable.

Step 3: Install LDAP Authentication Related Packages

Open Terminal Emulator in Raspberry Pi

sudo apt-get install libnss-ldapd

Step 4: Configure Name Service LDAP Connection Daemon (nslcd)

Open terminal emulator in Raspberry Pi

Modify /etc/nslcd.conf:

sudo vi /etc/nslcd.conf

Enter or adjust the following lines as needed:

# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable. Change according to your setup
uri ldap://192.168.0.6
# The search base that will be used for all queries. Change according to your setup
base dc=example,dc=com

Note that a plain ldap:// URI carries lookups and the PAM bind (including the user's password) over the network in cleartext; nslcd can protect the connection with the "ssl start_tls" option, or with an ldaps:// URI and "ssl on" (see nslcd.conf(5)).

Step 5: Configure Name Service Switch

Open terminal emulator in Raspberry Pi

Check that ldap is listed as a source for the passwd, group and shadow databases in the following file. If not, add it:

sudo vi /etc/nsswitch.conf

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

Save the file if any changes are made.
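Added example (not part of the original instructable): an offline check of the two client files edited in Steps 4 and 5. The sample file contents are constructed here, and the STARTTLS test goes beyond what the guide configures, since a plain ldap:// URI sends the PAM bind password in cleartext.

```shell
#!/bin/sh
# Added example (not from the instructable): offline sanity checks for the two
# client files this guide edits. Samples are constructed here; on a configured
# Pi point the functions at /etc/nsswitch.conf and /etc/nslcd.conf instead.

# nss_has_ldap FILE DB: succeed if DB (passwd, group, shadow, ...) lists "ldap"
# among its sources in the nsswitch file; comment lines are ignored.
nss_has_ldap() {
    awk -v db="$2:" '
        /^[ \t]*#/ { next }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# nslcd_check FILE: succeed if nslcd.conf names a uri and a search base and does
# not use plain ldap:// without STARTTLS (nslcd's "ssl start_tls" option).
# Each problem found is printed, so the output reads as a to-do list.
nslcd_check() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "uri"  { uri = $2 }
        $1 == "base" { base = $2 }
        $1 == "ssl"  { ssl = $2 }
        END {
            ok = 1
            if (uri == "")  { print "nslcd.conf: no uri";  ok = 0 }
            if (base == "") { print "nslcd.conf: no base"; ok = 0 }
            if (index(uri, "ldap://") == 1 && ssl != "start_tls") {
                print "nslcd.conf: cleartext ldap:// without ssl start_tls"; ok = 0
            }
            exit (ok ? 0 : 1)
        }' "$1"
}

# Constructed samples: the guide's nsswitch lines with shadow missing ldap, and
# the guide's nslcd.conf as written (plain ldap://), plus a STARTTLS variant.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'passwd: compat ldap\ngroup: compat ldap\nshadow: compat\n' > "$SAMPLE_DIR/nsswitch.conf"
printf '# search base, change to your setup\nuri ldap://192.168.0.6\nbase dc=example,dc=com\n' > "$SAMPLE_DIR/nslcd.conf"
{ cat "$SAMPLE_DIR/nslcd.conf"; echo 'ssl start_tls'; } > "$SAMPLE_DIR/nslcd-tls.conf"

for db in passwd group shadow; do
    nss_has_ldap "$SAMPLE_DIR/nsswitch.conf" "$db" || echo "nsswitch.conf: $db does not list ldap"
done
nslcd_check "$SAMPLE_DIR/nslcd.conf" || echo "nslcd.conf as written needs attention"
nslcd_check "$SAMPLE_DIR/nslcd-tls.conf" && echo "nslcd-tls.conf passes"
```

Run it on a configured Pi with the real paths substituted; a silent nss_has_ldap and a silent nslcd_check mean both files are in the state the guide expects.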

Step 6: Configure Pluggable Authentication Modules (PAM)

Open terminal emulator in Raspberry Pi

sudo pam-auth-update

Select both Unix authentication and LDAP authentication, as shown in the screenshot

Enter "OK"

Step 7: Restart the Connection and Caching Daemon

Open terminal emulator in Raspberry Pi

Restart Name Service LDAP Connection Daemon

sudo service nslcd stop
sudo service nslcd start

Restart Name Service Cache Daemon

sudo service nscd stop
sudo service nscd start

Step 8: Test Authentication Using Login Shell

We are going to log in to the "john" account created in my "Installing LDAP Server" instructable.

Open terminal emulator in Raspberry Pi

su - john
password: (Enter johnldap)

Terminal emulator will display the following:

No directory, logging in with HOME=/

The LDAP authentication is successful. The message "No directory, logging in with HOME=/" indicates that PAM failed to find the /home/john directory and fell back to the "/" directory.

Step 9: Configure PAM to Auto-create Home Directory Upon Valid Authentication

Open terminal emulator in Raspberry Pi

sudo vi /etc/pam.d/common-session

Insert the following directive before "# end of pam-auth-update config":

session required pam_mkhomedir.so umask=027 skel=/etc/skel

Save the file

Step 10: Test Authentication Using X Display Manager

Reboot Raspberry Pi

Use the following test account:

user: john
password: johnldap

The Raspberry Pi will take between 1 and 3 minutes to authenticate against LDAP and auto-create the home directory.

Open terminal emulator in Raspberry Pi

pwd
/home/ldap/john

The LDAP authentication is successful and the home directory was auto-created as expected.