{"id":76180,"date":"2023-06-05T13:11:55","date_gmt":"2023-06-05T17:11:55","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=76180"},"modified":"2023-08-14T12:42:02","modified_gmt":"2023-08-14T16:42:02","slug":"use-ldapsearch-with-jumpcloud","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud","title":{"rendered":"Use ldapsearch with JumpCloud"},"content":{"rendered":"\n<p>For testing and configuration purposes, you can use the ldapsearch command with JumpCloud&#8217;s LDAP service.<\/p>\n\n\n\n<p><strong>Prerequisites:<\/strong><\/p>\n\n\n\n<ul>\n<li>You&#8217;ll need to create an LDAP Binding User so that you can execute searches on the JumpCloud directory, not just bind to it. For instructions, see <a href=\"https:\/\/jumpcloud.com\/?post_type=support&amp;p=76177\">Use Cloud LDAP<\/a>.<\/li>\n\n\n\n<li>ldapsearch is used via Terminal on Linux and Mac.&nbsp;<\/li>\n\n\n\n<li>ldapsearch will only work if users are first added to the LDAP Directory in JumpCloud. See <a href=\"https:\/\/jumpcloud.com\/?post_type=support&amp;p=76177\" target=\"_blank\" rel=\"noreferrer noopener\">Use Cloud LDAP<\/a> for instructions on adding users to the LDAP Directory.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>In the following ldapsearch examples, you will be required to enter the LDAP binding user&#8217;s password.&nbsp;<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">List all Users in the Directory<\/h2>\n\n\n\n<p>All users in the &#8220;Users&#8221; tab are reflected into the JumpCloud Hosted LDAP service under the OU &#8220;ou=Users,o=&lt;your-organization-id&gt;,dc=jumpcloud;dc=com&#8221;.<\/p>\n\n\n\n<p>Example:<\/p>\n\n\n\n<p><code>ldapsearch -H ldaps:\/\/<a href=\"https:\/\/ldap.jumpcloud.com\/\">ldap.jumpcloud.com<\/a>:636 -x -b &#8220;ou=Users,o=<em>YOUR_ORG_ID<\/em>,dc=jumpcloud,dc=com&#8221; -D &#8220;uid=&lt;LDAP-binding-username&gt;,ou=Users,o=<em>YOUR_ORG_ID<\/em>,dc=jumpcloud,dc=com&#8221; -W &#8220;(objectClass=inetOrgPerson)&#8221;<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">List All POSIX Groups in the Directory<\/h2>\n\n\n\n<p>POSIX groups are reflected into the JumpCloud Hosted LDAP service when you create a tag or Group of Users in JumpCloud with the &#8220;Create Linux group..&#8221; enabled in the object&#8217;s details side panel. They appear under the OU &#8220;ou=Users,o=&lt;your-organization-id&gt;,dc=jumpcloud;dc=com&#8221;. Ensure that the group is assigned to the LDAP directory before performing the search.<\/p>\n\n\n\n<p>Example:<\/p>\n\n\n\n<p><code>ldapsearch -H ldaps:\/\/<a href=\"https:\/\/ldap.jumpcloud.com\/\">ldap.jumpcloud.com<\/a>:636 -x -b &#8220;ou=Users,o=<em>YOUR_ORG_ID<\/em>,dc=jumpcloud,dc=com&#8221; -D &#8220;uid=&lt;LDAP-binding-username&gt;,ou=Users,o=<em>YOUR_ORG_ID<\/em>,dc=jumpcloud,dc=com&#8221; -W &#8220;(objectClass=posixGroup)&#8221;<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">List all Groups of Names in the Directory<\/h2>\n\n\n\n<p>Groups of names (LDAP objectClass: groupOfNames) can be found in the JumpCloud Hosted LDAP service in the OU &#8220;ou=Users,o=&lt;your-organization-id&gt;,dc=jumpcloud;dc=com&#8221;.<\/p>\n\n\n\n<p>Example:<\/p>\n\n\n\n<p><code>ldapsearch -H ldaps:\/\/<a href=\"https:\/\/ldap.jumpcloud.com\/\">ldap.jumpcloud.com<\/a>:636 -x -b &#8220;ou=Users,o=<em>YOUR_ORG_ID<\/em>,dc=jumpcloud,dc=com&#8221; -D &#8220;uid=&lt;LDAP-binding-username&gt;,ou=Users,o=<em>YOUR_ORG_ID<\/em>,dc=jumpcloud,dc=com&#8221; -W &#8220;(objectClass=groupOfNames)&#8221;<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Using LDAP versus LDAPS (StartTLS &#8211; port 389)<\/h2>\n\n\n\n<p>As you will note in the above examples, we have provided various methods of executing an ldapsearch using SSL on port 636.\ufeff You may execute requests similar to the examples above when connecting via StartTLS, with the exception that you will want to have the -ZZ flag set. When you give ldapsearch the -ZZ flag, you are asking it to use &#8220;in-band&#8221; SSL\/TLS by using the StartTLS command.<\/p>\n\n\n\n<p>Example:<\/p>\n\n\n\n<p><code>ldapsearch -H ldap:\/\/<a href=\"https:\/\/ldap.jumpcloud.com\/\">ldap.jumpcloud.com<\/a>:389 -ZZ -x -b &#8220;ou=Users,o=<em>YOUR_ORG_ID<\/em>,dc=jumpcloud,dc=com&#8221; -D &#8220;uid=&lt;LDAP-binding-username&gt;,ou=Users,o=<em>YOUR_ORG_ID<\/em>,dc=jumpcloud,dc=com&#8221; -W &#8220;(objectClass=inetOrgPerson)&#8221;<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Testing Client Authentication&nbsp;<\/h2>\n\n\n\n<p><code>ldapwhoami -H &#8220;ldaps:\/\/<a href=\"https:\/\/ldap.jumpcloud.com\/\">ldap.jumpcloud.com<\/a>&#8221; -D &#8220;uid=<em>UID_TO_TEST<\/em>,ou=Users,o=<em>YOUR_ORG_ID<\/em>,dc=jumpcloud,dc=com&#8221; -x -W<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Troubleshooting: ldapsearch Can&#8217;t Contact LDAP Server<\/h2>\n\n\n\n<p>When your server&#8217;s CA root certificates do not contain our CA, your ldapsearch will refuse to connect to JumpCloud because it cannot verify that our certificate was created by a trusted third party, resulting in the following error message:<\/p>\n\n\n\n<p><code>ldap_sasl_bind(SIMPLE): Can&#8217;t contact LDAP server (-1)<\/code><\/p>\n\n\n\n<p>When this happens, you may be able to correct it by doing the following:<\/p>\n\n\n\n<p><strong>CentOS\/RedHat\/Amazon Linux<\/strong><\/p>\n\n\n\n<ol>\n<li>Edit&nbsp;<code>\/etc\/openldap\/ldap.conf<\/code><\/li>\n\n\n\n<li>Replace&nbsp;any lines that start with <code>TLS_CACERT <\/code>with the following:<\/li>\n<\/ol>\n\n\n\n<p>            <code>TLS_CACERT \/etc\/ssl\/certs\/ca-bundle.crt<\/code><\/p>\n\n\n\n<p><strong>Ubuntu<\/strong><br>The following command may correct the issue:<br><code>update-ca-certificates<\/code><br><strong>MacOS<\/strong><br>On macOS, no additional CAs are required, so all certs are already in place.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For testing and configuration purposes, you can use the ldapsearch command with JumpCloud&#8217;s LDAP service. Prerequisites: List all Users in [&hellip;]<\/p>\n","protected":false},"author":204,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2845,2896],"support_tag":[],"coauthors":[2838],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>- JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to use ldapsearch.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Use ldapsearch with JumpCloud\" \/>\n<meta property=\"og:description\" content=\"Learn how to use ldapsearch.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-14T16:42:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"jenniferklein\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud\",\"url\":\"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud\",\"name\":\"- JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-06-05T17:11:55+00:00\",\"dateModified\":\"2023-08-14T16:42:02+00:00\",\"description\":\"Learn how to use ldapsearch.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Use ldapsearch with JumpCloud\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"- JumpCloud","description":"Learn how to use ldapsearch.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud","og_locale":"en_US","og_type":"article","og_title":"Use ldapsearch with JumpCloud","og_description":"Learn how to use ldapsearch.","og_url":"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud","og_site_name":"JumpCloud","article_modified_time":"2023-08-14T16:42:02+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes","Written by":"jenniferklein"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud","url":"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud","name":"- JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-06-05T17:11:55+00:00","dateModified":"2023-08-14T16:42:02+00:00","description":"Learn how to use ldapsearch.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Use ldapsearch with JumpCloud"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76180"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/204"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76180\/revisions"}],"predecessor-version":[{"id":95726,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76180\/revisions\/95726"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=76180"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=76180"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=76180"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=76180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}