{"id":110216,"date":"2024-05-10T14:39:46","date_gmt":"2024-05-10T18:39:46","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=110216"},"modified":"2024-05-10T16:38:04","modified_gmt":"2024-05-10T20:38:04","slug":"configure-adi-to-use-ldaps","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/configure-adi-to-use-ldaps","title":{"rendered":"Configure ADI to use LDAPS"},"content":{"rendered":"\n

JumpCloud can integrate with Active Directory Domain Services (AD) using the JumpCloud Active Directory Integration (ADI). ADI enables the syncing of users, groups, and passwords between JumpCloud and on-premise or off-premise AD in flexible configurations to support your specific use case, goals, and AD environment.

This article will cover testing the LDAPS configuration in AD to ensure it is functional, and how to configure the Import and Sync Agents to communicate over LDAPS.

Testing for Secure LDAP (LDAPS) in Your AD Environment

Secure LDAP (LDAPS) encrypts LDAP data (which includes user credentials) in transit during any communication with the LDAP server (like a directory bind), thereby protecting against credential theft. It is not sufficient to only check that the Domain Controller is listening on the LDAPS port (TCP 636); you also need to confirm that LDAPS is working.

To verify that LDAPS has been configured on your Domain Controller and is functioning correctly, perform the following steps on each Domain Controller with which JumpCloud ADI will need to communicate.

1. RDP onto the Domain Controller.
2. Open the Run dialogue box and run the ldp.exe application.
3. Within the Ldp window, select Connection > Connect…
4. In the Connect window, enter the following:
   • Server: Your server’s FQDN
   • Port: 636
   • SSL: Enabled
5. Click OK.
6. If the server is correctly configured for LDAPS, line 5 of the output (you might need to scroll up) will show that the host supports SSL.

If the host is NOT configured for LDAPS, then the following message will be shown and no changes will need to be made to your AD Import and Sync Agents.
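To script the same distinction between "listening on TCP 636" and "LDAPS is working", the PowerShell function below first opens the port and then completes a TLS handshake against the server name. It is an added example, not JumpCloud code; the function name is hypothetical, and it checks the TLS layer only (it does not perform an LDAP bind).

```powershell
# Added example (not JumpCloud code): confirm a Domain Controller completes a
# TLS handshake on the LDAPS port, not merely that the port is open.
function Test-LdapsHandshake {
    param(
        [Parameter(Mandatory)] [string] $Fqdn,
        [int] $Port = 636,
        [int] $TimeoutMs = 5000
    )
    $result = [ordered]@{
        Server = $Fqdn; Port = $Port; Listening = $false; TlsOk = $false
        Protocol = $null; Subject = $null; NotAfter = $null; Error = $null
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    $ssl = $null
    try {
        # Step 1: plain TCP connect. Success only proves something is listening.
        $pending = $client.BeginConnect($Fqdn, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'TCP connect timed out' }
        $client.EndConnect($pending)
        $result.Listening = $true

        # Step 2: TLS handshake with default validation: the certificate must
        # chain to a trusted root and be valid for the name given in $Fqdn.
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $result.TlsOk = $true
        $result.Protocol = $ssl.SslProtocol
        $result.Subject = $cert.Subject
        $result.NotAfter = $cert.NotAfter
    } catch {
        # Connection refused, timeout, or certificate validation failure
        $result.Error = $_.Exception.GetBaseException().Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    [pscustomobject]$result
}

# server.contoso.com is the placeholder FQDN used in this article.
Test-LdapsHandshake -Fqdn 'server.contoso.com'
```

A result with Listening = True and TlsOk = False is the case the port check alone would miss; the Error field then carries the handshake or certificate validation failure.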


Configuring the JumpCloud Active Directory Import Agent for LDAPS

Important: Ensure you are on the latest version of the Active Directory Import Agent before proceeding.

To enable LDAPS for the JumpCloud Active Directory Import Agent, you need administrative access to the Domain Controller or member server on which the Agent is installed.

1. Using Windows Explorer, browse to C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Import\.
2. Open jcadimportagent.config.json using your preferred text editor. Your config file will look similar to this one:
3. Modify the following fields:
   • ServerIP – change from 127.0.0.1 to your server’s FQDN (server.contoso.com)
   • AllowInsecureConnection – change to false
   • Address – change from 127.0.0.1 to your server’s FQDN (server.contoso.com)
4. When you’re done, your configuration file will look similar to the following image:
5. Save your changes and restart the JumpCloud AD Integration Import Agent service.
6. If the service fails to restart, double check that the information entered into the config file is correct. If everything looks correct, please review the Import Agent log for additional details.
   • Browse to C:\Windows\Temp\JumpCloud_AD_Integration.log to find the Import Agent log.

When LDAPS is not enabled in your AD Import Agent, you will see a message in your Import log similar to the one below:

JCADImportAgent:2024/04/15 08:12:53 validator.go:74: WARNING: eid='1', msg='LDAP is not secure and transmits unencrypted data using TCP. JumpCloud strongly recommends to use LDAPS for this integration.'
JCADImportAgent:2024/04/15 08:14:23 jcadimportagent.go:143:

Once LDAPS is enabled you will no longer see that message in your Import Agent log file.
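The field changes and the log check above can be verified with a short script, which applies equally to the Sync Agent's config.json. This is an added example, not JumpCloud code: the function names are hypothetical, and because the article shows the config layout only as an image, the nesting of the sample config is constructed and the search walks the whole JSON tree for the three field names.

```powershell
# Added example, not JumpCloud code. The field names and warning text come from
# this article; the nesting of the sample config is constructed for the demo.
function Find-JsonProperty {
    param($Node, [string[]] $Names, [string] $Path = '$')
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        foreach ($p in $Node.PSObject.Properties) {
            $child = $Path + '.' + $p.Name
            if ($Names -contains $p.Name) {
                [pscustomobject]@{ Path = $child; Name = $p.Name; Value = $p.Value }
            }
            Find-JsonProperty -Node $p.Value -Names $Names -Path $child
        }
    } elseif ($Node -is [array]) {
        for ($i = 0; $i -lt $Node.Count; $i++) {
            Find-JsonProperty -Node $Node[$i] -Names $Names -Path ($Path + '[' + $i + ']')
        }
    }
}

function Test-AdiLdapsConfig {
    param([Parameter(Mandatory)] [string] $JsonText)
    $names = 'ServerIP', 'Address', 'AllowInsecureConnection'
    foreach ($hit in @(Find-JsonProperty -Node ($JsonText | ConvertFrom-Json) -Names $names)) {
        if ($hit.Name -eq 'AllowInsecureConnection') {
            $ok = ($hit.Value -eq $false)             # must be false for LDAPS
        } else {
            $ok = ($hit.Value -notlike '127.0.0.1*')  # loopback should be the FQDN
        }
        [pscustomobject]@{ Path = $hit.Path; Value = $hit.Value; Ok = $ok }
    }
}

function Get-InsecureLdapWarning {
    param([string[]] $LogLines)
    @($LogLines | Where-Object { $_ -like '*WARNING:*LDAP is not secure*' })
}

# Constructed sample input (the log line is shortened from the one quoted above).
$sampleConfig = @'
{ "LDAP": { "ServerIP": "127.0.0.1", "AllowInsecureConnection": true },
  "Agent": { "Address": "server.contoso.com" } }
'@
$sampleLog = @'
JCADImportAgent:2024/04/15 08:12:53 validator.go:74: WARNING: eid='1', msg='LDAP is not secure and transmits unencrypted data using TCP.'
'@ -split '\r?\n'

Test-AdiLdapsConfig -JsonText $sampleConfig | Format-Table -AutoSize
'Insecure-LDAP warnings in log: ' + (Get-InsecureLdapWarning -LogLines $sampleLog).Count
```

Against a real installation, pass the output of Get-Content -Raw on the agent's config file and Get-Content on C:\Windows\Temp\JumpCloud_AD_Integration.log; every row should show Ok = True and the warning count should stop increasing after the service restart.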

Configuring the JumpCloud Active Directory Sync Agent for LDAPS

Important: Ensure you are on the latest version of the Active Directory Import Agent before proceeding.

To enable LDAPS for the JumpCloud Active Directory Sync Agent, you will need administrative access to the Domain Controller or member server on which the Agent is installed.

1. Using Windows Explorer, browse to C:\Program Files\JumpCloud\AD Integration\JumpCloud AD Sync.
2. Open the config.json file using your preferred text editor. Your config file will look similar to this one:
3. Modify the following fields:
   • Address – change from 127.0.0.1 to your server’s FQDN (Server.contoso.com)
   • AllowInsecureConnection – change to false
4. When you’re done, your configuration file will look similar to the following image:
5. Save your changes and restart the JumpCloud AD Integration Sync Agent service.
6. If the service fails to restart, double check that the information entered into the config file is correct. If everything looks correct, please review the Import Agent log for additional details.
   • Browse to C:\Windows\Temp\JumpCloud_AD_Integration.log to find the Import Agent log.
","protected":false},"excerpt":{"rendered":"

JumpCloud can integrate with Active Directory Domain Services (AD) using the JumpCloud Active Directory Integration (ADI). ADI enables the syncing […]","protected":false},"author":205,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2904,2855,2845,2954,2896],"support_tag":[],"coauthors":[2839],"acf":[],"yoast_head_json":{"twitter_misc":{"Est. reading time":"4 minutes","Written by":"joyjaswinski"}}}