{"id":83108,"date":"2023-06-05T13:11:44","date_gmt":"2023-06-05T17:11:44","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=83108"},"modified":"2024-01-09T18:15:36","modified_gmt":"2024-01-09T23:15:36","slug":"create-an-ldap-group","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/create-an-ldap-group","title":{"rendered":"Create an LDAP Group"},"content":{"rendered":"\n

When groups of users are bound to the JumpCloud LDAP Directory, LDAP groups are created. Creating a user group helps you manage which users have access to specific applications, resources, and networks. User groups can save you time and ensure that each user has the appropriate level of access. For more information about JumpCloud groups, see Get Started: User Groups.

Note: Groups will not be created in LDAP unless the group contains individual members. An LDAP user must be bound to an LDAP group in order for the LDAP group to appear in an ldapsearch.

Creating an LDAP Group

To create an LDAP group:

  1. Create a new user group. The group Name will correspond to its cn in groupOfNames.
  2. (Optional) Create a Linux Group Name and Group GID. This will correspond with the cn in the posixGroup objectClass. Linux group names are case sensitive.

     Note: Some LDAP-enabled resources require this option for LDAP group presentation.

  3. (Optional) Enable Samba Authentication. See Configure Samba Support to Use Cloud LDAP for more information.
  4. On the Users tab, select the users to belong to this group.
  5. On the Directories tab, bind the group to LDAP by selecting JumpCloud LDAP from the list.
  6. Save your group. A group configured as above will yield the following within LDAP:

        The Name of the group is defined in the groupOfNames objectClass:

        # extended LDIF
        #
        # LDAPv3
        # base  with scope subtree
        # filter: (&(objectClass=groupOfNames)(cn=LDAP Fileserver))
        # requesting: ALL
        #

        # LDAP Fileserver, Users, 56f19b119508329e48e68647, jumpcloud.com
        dn: cn=LDAP Fileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
        cn: LDAP Fileserver
        ou: LDAP Fileserver
        objectClass: top
        objectClass: groupOfNames
        description: tagGroup
        member: uid=cfroome,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
        member: uid=sroche,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
        member: uid=sprefontaine,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
        member: uid=jvoigt,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
        member: uid=nquintana,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com

        Optionally, if Create Linux group for this user group is selected, you must provide a name different from the above so that it is unique for the posixGroup, and also specify the desired GID. This will become a group defined in the posixGroup objectClass:

        # extended LDIF
        #
        # LDAPv3
        # base  with scope subtree
        # filter: (&(objectClass=posixGroup)(cn=ldapfileserver))
        # requesting: ALL

        # ldapfileserver, Users, 56f19b119508329e48e68647, jumpcloud.com
        dn: cn=ldapfileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
        objectClass: top
        objectClass: posixGroup
        description: tagGroup
        gidNumber: 7001
        cn: ldapfileserver
        memberUid: cfroome
        memberUid: sroche
        memberUid: sprefontaine
        memberUid: jvoigt
        memberUid: nquintana
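
The two entries above list the same users in different forms: full DNs in member, bare usernames in memberUid. The following is an added example, not JumpCloud's code: it parses ldapsearch LDIF output (unfolding wrapped lines and decoding base64 values) and reports users present in one entry but missing from the other. The function names and the trimmed, constructed sample data are assumptions, and it assumes each member DN starts with a uid RDN as in the output shown.

```python
import base64

# Constructed from the two sample entries on this page (three members kept);
# one member line is folded the way ldapsearch wraps long lines.
GROUP_OF_NAMES = """\
dn: cn=LDAP Fileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
objectClass: groupOfNames
member: uid=cfroome,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
member: uid=sprefontaine,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=c
 om
member: uid=jvoigt,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
"""
POSIX_GROUP = """\
dn: cn=ldapfileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
objectClass: posixGroup
gidNumber: 7001
memberUid: cfroome
memberUid: sprefontaine
memberUid: jvoigt
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    logical = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]  # unfold: a leading space continues the previous line
        elif raw:
            logical.append(raw)
    entry = {}
    for line in logical:
        if line.startswith("#"):  # ldapsearch comment lines
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def uid_of(dn):
    """Return the uid value when the DN's first RDN is uid=..., else None."""
    rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
    return rdn_value.strip() if rdn_attr.strip().lower() == "uid" else None

def membership_drift(group_of_names_ldif, posix_group_ldif):
    """Return (uids only in groupOfNames, uids only in posixGroup), each sorted."""
    gon, posix = parse_entry(group_of_names_ldif), parse_entry(posix_group_ldif)
    by_dn = {uid_of(dn) for dn in gon.get("member", [])} - {None}
    by_uid = set(posix.get("memberuid", []))  # compared exactly, case included
    return sorted(by_dn - by_uid), sorted(by_uid - by_dn)
```

Both returned lists are empty when the two entries agree; a non-empty list names the users that an LDAP resource would see in only one of the two group representations.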

        Note: If you need to rename an LDAP user group, see Renaming an LDAP Group below.

        Renaming an LDAP Group

        When a group of users is bound to the JumpCloud LDAP directory, an LDAP group is created. If you made an error when you created the group or something has changed within your organization, you can rename the group. After you rename the group in the Admin Portal, you must also run a cURL request to finish renaming the user group.

        Prerequisites: