TLS 1.0 will be deprecated in JumpCloud on 6/19/2018.

Using ldapsearch with JumpCloud

For testing and configuration purposes, you can use ldapsearch with JumpCloud's Hosted LDAP service.

In order to use ldapsearch with JumpCloud, you'll need to create an LDAP Binding User Service Account so that you can execute searches on the JumpCloud directory, not just bind to it. See Using JumpCloud's LDAP-as-a-Service.

NOTE: In the following ldapsearch examples, you will be required to enter the LDAP binding user's password. 


List All Users in the Directory


All users in the "Users" tab are reflected into the JumpCloud Hosted LDAP service under the OU "ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com".

Example:
ldapsearch -H ldaps://ldap.jumpcloud.com:636 -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=<LDAP-binding-username>,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=inetOrgPerson)"


List All POSIX Groups in the Directory


POSIX groups are reflected into the JumpCloud Hosted LDAP service when you create a tag or Group of Users in JumpCloud with the "Create Linux group.." option enabled in the object's details side panel. They appear under the OU "ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com".

Example:
ldapsearch -H ldaps://ldap.jumpcloud.com:636 -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=<LDAP-binding-username>,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=posixGroup)"


List All Groups of Names in the Directory


Groups of names (LDAP objectClass: groupOfNames) can be found in the JumpCloud Hosted LDAP service in the OU "ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com".

Example:
ldapsearch -H ldaps://ldap.jumpcloud.com:636 -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=<LDAP-binding-username>,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=groupOfNames)"


Using LDAP versus LDAPS (StartTLS - port 389)


As you will note in the above examples, we have provided various methods of executing an ldapsearch using SSL on port 636. You may execute requests similar to the examples above when connecting via StartTLS, with the exception that you will want to have the -ZZ flag set. When you give ldapsearch the -ZZ flag, you are asking it to use "in-band" SSL/TLS by using the StartTLS command.

Example:
ldapsearch -H ldap://ldap.jumpcloud.com:389 -ZZ -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=<LDAP-binding-username>,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=inetOrgPerson)"
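
The searches above differ only in object class and transport. As an added example (not JumpCloud's own code), this POSIX shell helper builds them from an organization ID and binding username, escaping DN values per RFC 4514 and accepting only the three object classes used on this page. The function names and the JC_HOST variable are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and JC_HOST are this example's own, not JumpCloud's.
JC_HOST="ldap.jumpcloud.com"

# Backslash-escape the characters RFC 4514 treats as special in a DN value.
dn_escape() {
    printf '%s' "$1" | sed 's/[\\ #,+"<>;=]/\\&/g'
}

# Search base used by every example on the page.
jc_base_dn() {
    printf 'ou=Users,o=%s,dc=jumpcloud,dc=com' "$(dn_escape "$1")"
}

# Bind DN of the LDAP binding user: jc_bind_dn USERNAME ORG_ID
jc_bind_dn() {
    printf 'uid=%s,%s' "$(dn_escape "$1")" "$(jc_base_dn "$2")"
}

# Transport arguments, one per line. -ZZ makes ldapsearch abort if StartTLS
# fails; a single -Z would continue in cleartext.
jc_transport() {
    case "$1" in
        ldaps)    printf '%s\n' -H "ldaps://$JC_HOST:636" ;;
        starttls) printf '%s\n' -H "ldap://$JC_HOST:389" -ZZ ;;
        *) echo "mode must be ldaps or starttls" >&2; return 2 ;;
    esac
}

# jc_search MODE ORG_ID BIND_USER OBJECT_CLASS
jc_search() {
    mode=$1; org=$2; user=$3; class=$4
    # Allow only the object classes the page queries, so nothing
    # caller-supplied is spliced into the filter.
    case "$class" in
        inetOrgPerson|posixGroup|groupOfNames) ;;
        *) echo "unsupported objectClass: $class" >&2; return 2 ;;
    esac
    transport=$(jc_transport "$mode") || return 2
    # -x: simple bind; -W: prompt for the password instead of passing it in argv.
    # $transport is left unquoted on purpose so it splits into separate arguments.
    ldapsearch $transport -x -b "$(jc_base_dn "$org")" \
        -D "$(jc_bind_dn "$user" "$org")" -W "(objectClass=$class)"
}
```

After sourcing the file, `jc_search starttls YOUR_ORG_ID <LDAP-binding-username> posixGroup` runs the POSIX group search over StartTLS and prompts for the binding user's password.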


Testing Client Authentication

 
ldapwhoami -H "ldaps://ldap.jumpcloud.com" -D "uid=UID_TO_TEST,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -x -W
 

Last Updated: Apr 12, 2017 10:59AM MDT
