apt-get install libpam-ldap -y
apt-get install libnss-ldap -y
apt-get install libpam-cracklib -y
Note: libpam-cracklib is not required for LDAP (it
just enforces strong passwords)
The following config files work, but you can change
them to suit your needs:
/etc/pam.d/common-auth:
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
/etc/pam.d/common-account:
account sufficient pam_ldap.so
account required pam_unix.so
/etc/pam.d/common-password:
password required pam_cracklib.so retry=3 minlen=6
difok=3
password sufficient pam_ldap.so use_authtok
try_first_pass
password required pam_unix.so use_authtok
try_first_pass md5
Also, if you intend to change user passwords with
passwd via libpam-ldap, you will need to patch
pam_ldap.so:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=284104
Good luck!