Creating LDAP Groups

When Groups of Users are bound to the JumpCloud LDAP Directory, LDAP groups are created. Creating a user group helps you manage which users have access to specific applications, resources, and networks. User groups can save you time and ensure that each user has the appropriate level of access. For more information about JumpCloud Groups, see Getting Started: Groups.
 
Note: Groups will not be created in LDAP unless the group contains individual members. An LDAP user must be bound to an LDAP group in order for the LDAP group to appear in an ldapsearch.
 
To create an LDAP group:
  1. Create a new group. The group Name will correspond to its cn in groupOfNames.
    • (Optional) Create a Linux group name and GID. This will correspond to the cn in the posixGroup objectClass. Linux group names are case sensitive.
      NOTE: Some LDAP-enabled resources require this option for LDAP group presentation.
    • (Optional) Enable Samba Authentication. See Enabling Samba with JumpCloud LDAP for more information.
  2. On the Users tab, select the users to belong to this group.
  3. On the Directories tab, bind the group to LDAP by selecting JumpCloud LDAP from the list.
Save your policy. A group configured as above will yield the following within LDAP:

The Name of the group will be defined in the groupOfNames objectClass:
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (&(objectClass=groupOfNames)(cn=LDAP Fileserver))
# requesting: ALL
#

# LDAP Fileserver, Users, 56f19b119508329e48e68647, jumpcloud.com
dn: cn=LDAP Fileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
cn: LDAP Fileserver
ou: LDAP Fileserver
objectClass: top
objectClass: groupOfNames
description: tagGroup
member: uid=cfroome,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
member: uid=sroche,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
member: uid=sprefontaine,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=c
 om
member: uid=jvoigt,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
member: uid=nquintana,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
Optionally, if 'Create Linux group for this user group' is selected, you must provide a name different from the above so that it is unique for the posixGroup, and also specify the desired GID. This will become a group defined in the posixGroup objectClass:
# extended LDIF
#
# LDAPv3
# base  with scope subtree
# filter: (&(objectClass=posixGroup)(cn=ldapfileserver))
# requesting: ALL
#

# ldapfileserver, Users, 56f19b119508329e48e68647, jumpcloud.com
dn: cn=ldapfileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
objectClass: top
objectClass: posixGroup
description: tagGroup
gidNumber: 7001
cn: ldapfileserver
memberUid: cfroome
memberUid: sroche
memberUid: sprefontaine
memberUid: jvoigt
memberUid: nquintana
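
For an access review, the two representations above can be checked against each other from saved ldapsearch output. The following is an added example, not JumpCloud's code: it unfolds wrapped LDIF lines (such as the member DN split across "dc=c" and " om" above), then compares the uid in each groupOfNames member DN with the posixGroup memberUid values. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample modelled on the two entries above; the posixGroup copy
# deliberately lacks jvoigt. One member DN is folded (continuation = leading space).
SAMPLE_LDIF = """\
dn: cn=LDAP Fileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
cn: LDAP Fileserver
objectClass: groupOfNames
member: uid=cfroome,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
member: uid=sprefontaine,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=c
 om
member: uid=jvoigt,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com

dn: cn=ldapfileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
objectClass: posixGroup
gidNumber: 7001
cn: ldapfileserver
memberUid: cfroome
memberUid: sprefontaine
"""

def parse_ldif(text):
    """Parse ldapsearch LDIF into dicts of lowercased attribute -> list of values."""
    text = re.sub(r"\r?\n ", "", text)  # unfold wrapped lines before splitting
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", text):
        entry = {}
        for line in block.splitlines():
            # Skips '#' comments and base64 'attr:: value' lines (not decoded here).
            m = re.match(r"([A-Za-z0-9;.-]+): (.*)", line)
            if m:
                entry.setdefault(m.group(1).lower(), []).append(m.group(2))
        if "dn" in entry:
            entries.append(entry)
    return entries

def membership_drift(entries, group_cn, posix_cn):
    """Return (uids only in groupOfNames, uids only in posixGroup) for one user group."""
    def find(object_class, cn):  # cn match is exact: Linux group names are case sensitive
        for e in entries:
            if object_class in e.get("objectclass", []) and cn in e.get("cn", []):
                return e
        raise LookupError(f"{object_class} cn={cn} not found (groups without members are not published)")
    names, posix = find("groupOfNames", group_cn), find("posixGroup", posix_cn)
    dn_uids = {m.group(1) for dn in names.get("member", [])
               if (m := re.match(r"uid=([^,]+),", dn, re.I))}
    posix_uids = set(posix.get("memberuid", []))
    return sorted(dn_uids - posix_uids), sorted(posix_uids - dn_uids)
```

The uid extraction assumes user DNs of the form shown above (uid= as the first RDN, no escaped commas).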

Note: If you need to rename an LDAP user group, see Renaming an LDAP Group.
