Add users to the LDAP Directory
Configuration Details and Supported Standards
Examples of Usage
Example Schema
Create an LDAP Binding user
Notes:
- It's not required that this user be a 'service account', any JumpCloud user can be set as a binding user
- Multiple users can be set to be an LDAP Binding User, some applications require this option enabled when any authenticating user also needs to bind and search LDAP, e.g., to determine group membership and authorization to the application
- Any user, including the LDAP Binding User, can be excluded from password expiration policy by selecting PASSWORD NEVER EXPIRES. All other password policies are global and will apply.
Add Users to the LDAP Directory
Users can be added to LDAP individually or via a group. See Creating LDAP Groups and Binding Users to Resources.
Configuration Details and Supported Standards
| Hostname | ldap.jumpcloud.com |
| URI/Port | ldap://ldap.jumpcloud.com:389 (clear text or STARTTLS) |
| ldaps://ldap.jumpcloud.com:636 | |
| SSL Certificate | JumpCloud LDAPS SSL Certificate |
| LDAP Distinguished Name | uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com |
| BaseDN | ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com |
| Schema Compliance | RFC 2307 |
| Samba Configuration | See Enabling Samba with JumpCloud LDAP |
| Other | Support for inetOrgPerson, groupOfNames, and posixGroup objects. Support for memberOf overlay and support for group member search |
Notes
- The LDAP DN value is found in the user details (See above screenshot)
- Your application may not have a field called LDAP Distinguished Name, it may be referred to as the BindDN or may only have a 'username' field paired with a password. This is the correct value for that field
- The BaseDN may also be referred to as SearchDN, Search Base or other similar terminology
Examples of Usage
Note: LDAP applications typically authenticate against uid, which is the JumpCloud username, not the full email address.
- For basic testing, on Linux or OS X, this menu-driven script leverages ldapsearch. Download here.
- For testing in Windows, ldapsearch is available in OpenLDAP for Windows
- An example of a UI driven LDAP configuration with OpenVPN, Configuring OpenVPN to use JumpCloud's LDAP-as-a-Service
- See Also, Creating LDAP Groups
Example Schema
# auser, Users, 56c35d17a38ac9551e1e7857, jumpcloud.com dn: uid=auser,ou=Users,o=56c35d17a38ac9551e1e7857,dc=jumpcloud,dc=com gidNumber: 5006 givenName: Admin sn: User homePhone: +1 555-555-7777 mobile: +1 555-555-6666 pager: +1 555-555-9999 objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: shadowAccount objectClass: posixAccount objectClass: jumpcloudUser uid: auser l: Boulder postalCode: 80302 street: 123 main loginShell: /bin/bash sshKey: ssh-rsa YOUR_KEY cn: Admin User telephoneNumber: +1 555-555-8888 facsimileTelephoneNumber: +1 555-555-0000 st: CO homeDirectory: /home/auser mail: auser@yourdomain.local postOfficeBox: 3333 uidNumber: 5006 homePostalAddress: 2040 14th St. Ste. 200$Boulder CO 80304$USA postalAddress: 123 main$Boulder CO 80302$USA employeeNumber: 1234a
