Support Center

Using JumpCloud's LDAP-as-a-Service

Enable the LDAP Service (For organizations created before April 11, 2017)
Create an LDAP Binding User
Add users to the LDAP Directory

Configuration Details and Supported Standards
Examples of Usage
 

Enable the LDAP service 
 
Note: If your organization was created after April 11 2017, it is no longer necessary to explicitly turn on LDAP. Proceed to the next step; Create an LDAP Binding User.


In the JumpCloud Console, go to Settings, toggle the LDAP Service Enable: to ON


Create an LDAP Binding user


 
Notes:
  • It's not required that this user be a 'service account', any JumpCloud user can be set as a binding user
  • Multiple users can be set to be an LDAP Binding User, some applications require this option enabled when any authenticating user also needs to bind and search LDAP, e.g., to determine group membership and authorization to the application 
  • All users are subject to the global password policy, including the LDAP Binding User
  • If your organization was created after Tuesday, April 11 2017, make sure to bind this user to JumpCloud LDAP directly or via group membership, see Add Users... below.


 

Add Users to the LDAP Directory

Users can be added to LDAP individually or via a group.  See Creating LDAP Groups and Binding Users to Resources.

Configuration Details and Supported Standards
 
Hostname ldap.jumpcloud.com
URI/Port ldap://ldap.jumpcloud.com:389 (clear text or STARTTLS)
  ldaps://ldap.jumpcloud.com:636
SSL Certificate JumpCloud LDAPS SSL Certificate
LDAP Distinguished Name uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
BaseDN ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
Schema Compliance RFC 2307
Samba Configuration See Enabling Samba with JumpCloud LDAP
Other Support for inetOrgPerson, groupOfNames, and posixGroup objects.  Support for memberOf overlay and support for group member search
 
Notes
  • The LDAP DN value is found in the user details (See above screenshot)
  • Your application may not have a field called LDAP Distinguished Name, it may be referred to as the BindDN or may only have a 'username' field paired with a password. This is the correct value for that field
  • The BaseDN may also be referred to as SearchDN, Search Base or other similar terminology


Examples of Usage

Note: LDAP applications typically authenticate against uid, which is the JumpCloud username, not the full email address.
 

Last Updated: Oct 13, 2017 11:08AM MDT

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete