Using ldapsearch with JumpCloud

For testing and configuration purposes, you can use the ldapsearch command with JumpCloud's LDAP service.

Prerequisites:
  • You'll need to create an LDAP Binding User so that you can execute searches on the JumpCloud directory, not just bind to it. For instructions, see Using JumpCloud's LDAP-as-a-Service.
  • ldapsearch is used via Terminal on Linux and Mac. 
  • ldapsearch will only work if users are first added to the LDAP Directory in JumpCloud. See Using JumpCloud's LDAP-as-a-Service for instructions on adding users to the LDAP Directory.
  • Note: In the following ldapsearch examples, you will be required to enter the LDAP binding user's password. 

List all Users in the Directory

All users in the "Users" tab are reflected into the JumpCloud Hosted LDAP service under the OU "ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com".

Example:
ldapsearch -H ldaps://ldap.jumpcloud.com:636 -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=<LDAP-binding-username>,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=inetOrgPerson)"

 

List All POSIX Groups in the Directory

POSIX groups are reflected into the JumpCloud Hosted LDAP service when you create a tag or Group of Users in JumpCloud with the "Create Linux group.." option enabled in the object's details side panel. They appear under the OU "ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com". Ensure that the group is assigned to the LDAP directory before performing the search.

Example:
ldapsearch -H ldaps://ldap.jumpcloud.com:636 -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=<LDAP-binding-username>,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=posixGroup)"

 

List all Groups of Names in the Directory

Groups of names (LDAP objectClass: groupOfNames) can be found in the JumpCloud Hosted LDAP service in the OU "ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com".

Example:
ldapsearch -H ldaps://ldap.jumpcloud.com:636 -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=<LDAP-binding-username>,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=groupOfNames)"
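
Added example (not part of the original article or of JumpCloud's tooling): a small shell helper for reviewing the LDIF that the searches above return. It joins folded lines, tracks the DN of each entry, and lists the values of one attribute per entry. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# ldif_attr ATTR reads ldapsearch LDIF output on stdin and prints one
# "DN<TAB>value" line per value of ATTR (name match is case-insensitive).
# Folded lines (continuations that start with one space) are joined first.
# Base64 values ("attr:: ...") are printed undecoded with a "base64:" prefix.
ldif_attr() {
    awk -v want="$1" '
        function flush(   i, name, val, b64) {
            if (line == "") return
            i = index(line, ":")
            if (i > 0) {
                name = tolower(substr(line, 1, i - 1))
                val = substr(line, i + 1)
                b64 = (substr(val, 1, 1) == ":")
                if (b64) val = substr(val, 2)
                sub(/^ */, "", val)
                if (b64) val = "base64:" val
                if (name == "dn") dn = val
                else if (name == tolower(want)) print dn "\t" val
            }
            line = ""
        }
        /^#/ { flush(); skip = 1; next }                    # comment
        /^ / { if (!skip) line = line substr($0, 2); next } # continuation
        /^$/ { flush(); dn = ""; skip = 0; next }           # end of entry
             { flush(); skip = 0; line = $0 }               # new attribute
        END  { flush() }
    '
}

# Constructed sample shaped like the output of the user search above.
sample_ldif() {
    cat <<'EOF'
# constructed sample entries
dn: uid=alice,ou=Users,o=EXAMPLE_ORG_ID,dc=jumpcloud,dc=com
objectClass: inetOrgPerson
uid: alice
mail: alice@example.com

dn: uid=bob-with-a-long-name,ou=Users,o=EXAMPLE_ORG_ID,dc=jumpcloud,dc=
 com
uid: bob-with-a-long-name
cn:: Qm9iIMOWeg==
EOF
}

# Usage: sample_ldif | ldif_attr uid
```

To use it on live output, add -LLL to one of the ldapsearch commands above (this suppresses comments and the version line) and pipe the result into ldif_attr.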

 

Using LDAP versus LDAPS (StartTLS - port 389)

The examples above all run ldapsearch over SSL/TLS on port 636 (LDAPS). You can run the same searches over StartTLS on port 389 by adding the -ZZ flag. With -ZZ, ldapsearch upgrades the connection "in-band" by issuing the StartTLS operation, and it requires that operation to succeed before the bind is sent.

Example:
ldapsearch -H ldap://ldap.jumpcloud.com:389 -ZZ -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=<LDAP-binding-username>,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=inetOrgPerson)"

 

Testing Client Authentication 

ldapwhoami -H "ldaps://ldap.jumpcloud.com" -D "uid=UID_TO_TEST,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -x -W

