Creating a User Home directory when you use LDAP Authentication

Published 25 May 2004

Authors: Gregory Geiselhart


Lightweight Directory Access Protocol (LDAP) allows a system administrator to centrally define and manage Linux users. Using LDAP, an administrator can define a user once and have that user recognized on many Linux systems. User information, such as the user's password and the location of the user's home directory, is stored in the LDAP directory rather than on the local Linux system. This technote describes how to configure the Pluggable Authentication Module (PAM) stack so that a user's home directory is created automatically the first time the user logs on.


Linux users usually have their home directory (typically /home/userid) created when the user ID is defined. When LDAP authentication is used, users are defined in the directory, so no home directory is created on the local host. Two possibilities exist to avoid creating a home directory by hand for each LDAP-defined user:

  • The user home directory can be located on a network file server (for example, an NFS-mounted file system).
  • The home directory can be automatically created when a user first logs in.
    For login services other than SSH, add the module as a session entry in the PAM configuration file of
    the service (for example, /etc/pam.d/login):
      session required skel=/etc/skel/ umask=0077
    Session modules run only after authentication has succeeded, so the directory is created for a user who authenticates and has no home directory yet; later logins find the directory and leave it untouched. The directory is created at the home directory path recorded for the user in LDAP (typically under /home). The umask=0077 parameter causes the directory permission to be set to 700, so only the owner can read or enter it, and the directory is populated with the skeleton files found in /etc/skel.

    Beginning with OpenSSH Version 3.3, automatic creation of a user home directory by the PAM session module is no longer supported because of a security change in SSH (privilege separation, enabled by default from that release, which leaves the session stage without the root privilege needed to create the directory). You can use the make_home_dir replacement instead. The make_home_dir package is available at:

Special Notices

This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a client responsibility and depends upon the client's ability to evaluate and integrate them into the client's operational environment.
