Has anyone had success using JumpCloud’s LDAP service with icingaweb2? I’m running 2.8.2.
I used the icinga docs, JumpCloud docs, and a post I found on archysblog. I’m 90% there but can’t figure out the final step.
I have successful configuration validations for the JumpCloud LDAP Backend, User Backend, and Group Backend. Authentication > Users > LDAP Backend lists all users. Authentication > User Groups > LDAP Backend lists the icinga-user group defined in groups.ini and created on JumpCloud; however, when I select the group, it does not list any members.
I would like to configure so any JumpCloud user that is a member of the icinga-user group on JumpCloud can authenticate and have monitoring permissions.
I can currently authenticate with any JumpCloud user, but with no permissions and a “Currently there is no dashlet available…” message. I can manually assign an LDAP user to an existing icingaweb2 group, which basically accomplishes what I need, but I’d prefer to have the JumpCloud configuration control everything.
Thanks.
ldapsearch to JumpCloud returns
# icinga-user, Users, org-number, jumpcloud.com
dn: cn=icinga-user,ou=Users,o=org-number,dc=jumpcloud,dc=com
cn: icinga-user
objectClass: top
objectClass: posixGroup
gidNumber: 100
description: tagGroup
resources.ini
[jc-ldap]
type = "ldap"
hostname = "ldap.jumpcloud.com"
port = "636"
root_dn = "o=org-number,dc=jumpcloud,dc=com"
bind_dn = "uid=bind.user,ou=Users,o=org-number,dc=jumpcloud,dc=com"
bind_pw = "bind.users-password"
encryption = "ldaps"
authentication.ini
[ldap-user-auth]
backend = "ldap"
resource = "jc-ldap"
user_class = "inetOrgPerson"
user_name_attribute = "uid"
groups.ini
[ldap-group-auth]
backend = "ldap"
resource = "jc-ldap"
user_class = "member"
user_name_attribute = "uid"
group_class = "posixGroup"
group_name_attribute = "cn"
group_filter = "cn=icinga-user"
user_backend = "ldap-user-auth"
roles.ini
[Monitoring]
groups = "icinga-user"
permissions = "module/monitoring,monitoring/*"