LDAP Authentication with JumpCloud

Has anyone had success using JumpCloud’s LDAP service with icingaweb2? I’m running 2.8.2.

I used the icinga docs, JumpCloud docs, and a post I found on archysblog. I’m 90% there but can’t figure out the final step.

I have successful configuration validations for the JumpCloud LDAP Backend, User Backend, and Group Backend. Authentication > Users > LDAP Backend lists all users. Authentication > User Groups > LDAP Backend lists the icinga-user group defined in groups.ini and created on JumpCloud; however, when I select the group, it does not list any members.

I would like to configure so any JumpCloud user that is a member of the icinga-user group on JumpCloud can authenticate and have monitoring permissions.

I can currently authenticate with any JumpCloud user, but with no permissions and a “Currently there is no dashlet available…” message. I can manually assign an LDAP user to an existing icingaweb2 group, which basically accomplishes what I need, but I’d prefer to have the JumpCloud configuration control everything.


ldapsearch to JumpCloud returns

# icinga-user, Users, org-number, jumpcloud.com
dn: cn=icinga-user,ou=Users,o=org-number,dc=jumpcloud,dc=com
cn: icinga-user
objectClass: top
objectClass: posixGroup
gidNumber: 100
description: tagGroup


type = "ldap"
hostname = "ldap.jumpcloud.com"
port = "636"
root_dn = "o=org-number,dc=jumpcloud,dc=com"
bind_dn = "uid=bind.user,ou=Users,o=org-number,dc=jumpcloud,dc=com"
bind_pw = "bind.users-password"
encryption = "ldaps"


backend = "ldap"
resource = "jc-ldap"
user_class = "inetOrgPerson"  
user_name_attribute = "uid"


backend = "ldap"
resource = "jc-ldap"
user_class = "member"
user_name_attribute = "uid"
group_class = "posixGroup"
group_name_attribute = "cn"
group_filter = "cn=icinga-user"
user_backend = "ldap-user-auth"


groups = "icinga-user"
permissions = "module/monitoring,monitoring/*"

I would say user_class = "member" in groups.ini looks wrong, this should be user_class = "inetOrgPerson" like in authentication.ini.

Thanks. I didn’t see any change after updating that; the icinga-user group still shows up under Authentication > User Groups > LDAP Backend, but with no members. My ldap.test user shows up with no Group Memberships, and can authenticate into a blank dashboard.

It does seem that groups.ini is the problem.

Can you also post an ldapsearch showing one group including one or more members so we can see the attributes?

I see that I posted the return from the group in question when it didn’t have any members. This is the current one:

# icinga-user, Users, org-number, jumpcloud.com
dn: cn=icinga-user,ou=Users,o=org0number,dc=jumpcloud,dc=com
cn: icinga-user
objectClass: top
objectClass: posixGroup
gidNumber: 100
description: tagGroup
memberUid: keith.ogier
memberUid: ldap.test

Then you need to add the line group_member_attribute = memberUid as the default for this value is member.


That did it.

Thank you so much!

1 Like