Support Center

Using JumpCloud's LDAP-as-a-Service

Enable the LDAP Service (For organizations created before April 11, 2017)
Create an LDAP Binding User
Add users to the LDAP Directory

Configuration Details and Supported Standards
Examples of Usage

Enable the LDAP service 

Note: If your organization was created after April 11 2017, it is no longer necessary to explicitly turn on LDAP. Proceed to creating an LDAP Binding User.

In the JumpCloud Console, go to Settings, toggle the LDAP Service Enable: to ON

Create an LDAP Binding user

  • It's not required that this user be a 'service account', any JumpCloud user can be set as a binding user
  • Multiple users can be set to be an LDAP Binding User, some applications require this option enabled when any authenticating user also needs to bind and search LDAP, e.g., to determine group membership and authorization to the application 
  • All users are subject to the global password policy, including the LDAP Binding User
  • If your organization was created after Tuesday, April 11 2017, make sure to bind this user to JumpCloud LDAP directly or via group membership, see Add Users... below.

Add Users to the LDAP Directory

Users can be added to LDAP individually or via a group.  See Creating LDAP Groups and Binding Users to Resources.

Configuration Details and Supported Standards


URI: ldap:// (
clear text or STARTTLS) - OR -
        ldaps:// (

Ports: 389 (clear text or STARTTLS) - OR -
           636 (SSL)

LDAPS Client Certificate: If required by your application, see JumpCloud LDAPS SSL Client Certificate

LDAP Distinguished Name: uid=
  • This value is found in the user details (See above screenshot)
  • Your application may not have a field called LDAP Distinguished Name, it may be referred to as the BindDN or may only have a 'username' field paired with a password. This is the correct value for that field

BaseDN: ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
Note: This may also be referred to as SearchDN, Search Base or other similar terminology

Schema Compliance: RFC 2307
Note: Samba Schema is not currently supported

Other: Support for inetOrgPerson, groupOfNames, and posixGroup objects.  Support for memberOf overlay and support for group member search

Examples of Usage

Note: LDAP applications typically authenticate against uid, which is the JumpCloud username, not the full email address.

Last Updated: Jul 26, 2017 03:41PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found