LDAP

August 11, 2017 | Linux Security

UCSC runs two directory services: Blue & Gold, on ldap-blue.ucsc.edu & ldap-gold.ucsc.edu respectively. The Blue directory service carries a lot of baggage. For example, here is my LDAP entry:

dn: uid=shaw,ou=people,dc=ucsc,dc=edu
cn: Shawfeng Dong
homeDirectory: /afs/cats.ucsc.edu/users/t/shaw
loginShell: /usr/bin/bash
objectClass: posixAccount
uid: shaw
uidNumber: 16348
gidNumber: 100000

Particularly glaring is the homeDirectory attribute, /afs/cats.ucsc.edu/users/t/shaw, which harkens back to the old happy days when AFS was popular and widely deployed! To use this legacy directory service for authentication on a modern Linux host, we need to map or override the attributes, especially the homeDirectory attribute.

Fortunately, solutions are easy and varied.

1) I wrote an article in 2014, describing how to use an init shell script to overwrite the homeDirectory attribute and automatically create home directories.

2) If you use nss-pam-ldapd, you can use nslcd to map attributes. Add the following to /etc/nslcd.conf:

map passwd gidNumber uidNumber
map passwd homeDirectory "/home/$uid"

3) If you use SSSD, you can use the override_homedir option. Add the following to /etc/sssd/sssd.conf:

override_homedir = /home/%u
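To see what the two nslcd map rules in 2) do to the entry above, here is an added Python simulation (my own toy code, not nslcd's) that parses the LDIF entry, applies the rules using a subset of nslcd's $attr expression syntax, and builds the resulting passwd line. It assumes the passwd field order and the expression subset noted in the comments, and refuses a mapped home directory that does not stay under /home, since the uid value is supplied by the directory.

```python
import posixpath
import re
# Constructed LDIF reproducing the entry shown on this page.
SAMPLE_LDIF = """\
dn: uid=shaw,ou=people,dc=ucsc,dc=edu
cn: Shawfeng Dong
homeDirectory: /afs/cats.ucsc.edu/users/t/shaw
loginShell: /usr/bin/bash
uid: shaw
uidNumber: 16348
gidNumber: 100000
"""
# The two "map passwd" lines from nslcd.conf on this page: a bare name copies
# another attribute, a quoted string is an expression to expand.
PASSWD_MAP = {"gidNumber": "uidNumber", "homeDirectory": '"/home/$uid"'}
# $attr, ${attr}, ${attr:-default}: the nslcd expression subset this toy supports.
_EXPR = re.compile(r"\$(\w+)|\$\{(\w+)(?::-([^}]*))?\}")

def parse_ldif(text):
    """Parse one LDIF entry into {attribute: [values]} (no line continuations)."""
    entry = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def expand(expr, entry):
    """Substitute attribute references in an nslcd-style expression."""
    def sub(m):
        value = (entry.get(m.group(1) or m.group(2)) or [""])[0]
        return value or (m.group(3) or "")   # ${attr:-default} when missing
    return _EXPR.sub(sub, expr)

def apply_passwd_map(entry, mapping=PASSWD_MAP):
    """Copy the entry with each mapped attribute overridden."""
    mapped = dict(entry)
    for attr, target in mapping.items():
        quoted = target[:1] == '"' and target[-1:] == '"'
        mapped[attr] = [expand(target[1:-1], entry)] if quoted else entry.get(target, [])
    return mapped

def passwd_line(entry):
    """Build the passwd(5) line NSS would see, refusing a home that escapes /home."""
    get = lambda a: (entry.get(a) or [""])[0]
    home = get("homeDirectory")
    if posixpath.normpath(home) != home or not home.startswith("/home/"):
        raise ValueError("unexpected home directory: %r" % home)
    fields = [get("uid"), "x", get("uidNumber"), get("gidNumber"), get("cn"), home, get("loginShell")]
    return ":".join(fields)
```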