Configure a Debian host for a Kwartz server, or for some LDAP service
In many French secondary schools, a LDAP service is provided by a Kwartz server (see https://www.kwartz.com). Hence the name of the package, kwartz-client. However this package can be used for any other LDAP directory, provided one understands the questions used during the configuration of the package.
The package kwartz-client
When this article was published, the package kwartz-client is in the official Debian repository, as a candidate for the next stable Debian distribution, bullseye. Its description and download links can be accessed from https://packages.debian.org/unstable/kwartz-client
Dependencies of the package kwartz-client are:
All those dependencies can be found in the distribution Debian 10 (code name buster).
Let us suppose below that one has a Debian 10 distribution, already installed
and active on the host being configured, and that one has super-user
permissions. The prompt
# starting command lines is a reminder that the
commands must be validated by the
Steps in kwartz-client's install
As the package kwartz-client is not yet part of Debian 10, but that its dependencies are part of this distribution, one must begin by a direct download of the package's archive; for example if the version is 1.0-4, the archive can be downloaded from http://ftp.de.debian.org/debian/pool/main/k/kwartz-client/kwartz-client_1.0-4_all.deb
(partial) installation of the package kwartz-client
Let us suppose that the package kwartz-client_1.0-4_all.deb is
already downloaded; then one must install it with the command:
# dpkg -i kwartz-client_1.0-4_all.deb
The archive will be uncompressed, but very probably not completely installed: one missing dependency is enough to prevent the full installation.
install dependencies of the package kwartz-client
Then the easiest way is to ask for an automatic search of missing packages
with the command
apt. This implies that one has access to Internet. If one
root on the host, and that Internet can be reached by the proxy server
provided by Kwartz, one can define the proxy so:
# export http_proxy=<kwartz' IP address>:3128
When the variable
http_proxy is properly defined, on calls the command:
# apt update
to update the list of available packages ; if it does not work, one must
configure the Kwartz server to give access to Internet with no filter, based
on the host's IP address. One can also satisfy Kwartz' access policy by
installing the package
oidentd, but it becomes something like a
When one uses
apt's features, it can automatically add dependencies of
wanted packages. When the command
apt update is successful, one can
apt -f install, which checks for inconsistencies in the
installed packages, and then download, install, configure dependencies of
kwartz-client. Questions will be asked during the configuration
of dependencies ... it does not harm if one replies a mistake at that moment,
because ... be careful ... when the configuration of kwartz-client
begins, every important question will be asked once more, and then one must
provide the right response.
kwartz-client's configuration dialog
Before beginning to configure kwartz-client, one should prepare a short paper form, and fill it with the help of the network's admin. Here is the form:
IP address of the LDAP server : .......................................
this address can be some numbers like 172.16.0.254, but it can also be a symbolic name like serveur.lycee.jb, for instance
Port of the LDAP service when it is not standard : ....................
The standard port number is 389; in a few cases the LDAP service should be accessed via some other port number, for instance 1389.
The base to begin searches from in the directory : ....................
Most often, it matches the ends of the symbolic IP address of the server, i.e. its domain name. If the IP address was serveur.lycee.jb, then the base is:
The path to a user known in the database : ............................
From year 2018 on, one can no longer access Kwartz' LDAP directory in a completely anonymous mode. So, one must know the name of one user. Hint for the network's admin: the user must be part of some non-privileged group, but one must ensure that this user will not be erased later during some maintenance. So, when there are groups of students, teachers, or other real persons, one should avoid using such a group where people can be erased some day. Here is an example, where a user of login "personne" was defined:
This user's password : ................................................
Every user in the directory has his password. For the powerless user defined above, one must know the password (avoid using too simple passwords).
The NETBIOS name of the Kwartz : ....................................
It is the name of the Kwartz server as it appears in a Windows neighborhood. For example:
When the paper for is filled, one must prepare the LDAP URI of the server.
- Simple syntax
- The port number is standard (i.e. 389); the the URI is:
ldap://<server's IP address>/
- Complete syntax
- The port number is not standard; then the URI is:
ldap://<server's IP address>:<port number>/
Et voilà, you are ready to configure the package. Run the command
sudo dpkg-reconfigure kwartz-client whenever you want to replay
the configuration dialog.
kwartz-client is installed, what next?
If kwartz-client's configuration is correct, and that the host is well connected to the local network enjoying Kwartz server' services, then one should be able to change the user, and authenticate on the Kwartz network: usually with a login like first_name.last_name, and the associated password.
If there is a mistake in the configuration, the the authentication fails.
One can configure the package again, with the command
# dpkg-reconfigure kwartz-client
When the authentication succeeds, the authenticated user is provided a graphic desktop, and will find on it three mount points for network shares:
- to access personal data, including the directory Travail, which Windows may sometimes present like a directory « My Documents », inside the network device named H:;
- to access « commons », belonging to each groups where the user is subscribed. Common data are read-write;
- to access « public » data, belonging to each groups where the user is subscribed. Common data are read-only for students, read-write for members of the teacher group.
License of this document
You are free to copy this document, to share it likewise or with some modifications; however the license CC-BY-SA makes mandatory to cite authors, and to distribute the document with this same license, whether it is modified or not.
The complete text of the license Creative Commons - By - Share Alike can be downloaded from https://creativecommons.org/licenses/by-sa/4.0/legalcode