Has anyone had success using JumpCloud’s LDAP service with icingaweb2? I’m running 2.8.2.
I used the icinga docs, JumpCloud docs, and a post I found on archysblog. I’m 90% there but can’t figure out the final step.
I have successful configuration validations for the JumpCloud LDAP Backend, User Backend, and Group Backend. Authentication > Users > LDAP Backend lists all users. Authentication > User Groups > LDAP Backend lists the icinga-user group defined in groups.ini and created on JumpCloud; however, when I select the group, it does not list any members.
I would like to configure so any JumpCloud user that is a member of the icinga-user group on JumpCloud can authenticate and have monitoring permissions.
I can currently authenticate with any JumpCloud user, but with no permissions and a “Currently there is no dashlet available…” message. I can manually assign an LDAP user to an existing icingaweb2 group, which basically accomplishes what I need, but I’d prefer to have the JumpCloud configuration control everything.
ldapsearch to JumpCloud returns
# icinga-user, Users, org-number, jumpcloud.com dn: cn=icinga-user,ou=Users,o=org-number,dc=jumpcloud,dc=com cn: icinga-user objectClass: top objectClass: posixGroup gidNumber: 100 description: tagGroup
[jc-ldap] type = "ldap" hostname = "ldap.jumpcloud.com" port = "636" root_dn = "o=org-number,dc=jumpcloud,dc=com" bind_dn = "uid=bind.user,ou=Users,o=org-number,dc=jumpcloud,dc=com" bind_pw = "bind.users-password" encryption = "ldaps"
[ldap-user-auth] backend = "ldap" resource = "jc-ldap" user_class = "inetOrgPerson" user_name_attribute = "uid"
[ldap-group-auth] backend = "ldap" resource = "jc-ldap" user_class = "member" user_name_attribute = "uid" group_class = "posixGroup" group_name_attribute = "cn" group_filter = "cn=icinga-user" user_backend = "ldap-user-auth"
[Monitoring] groups = "icinga-user" permissions = "module/monitoring,monitoring/*"