active directory - Rocketchat LDAP configuration for Jumpcloud

I'm trying to get LDAP on Rocket.Chat working with jumpcloud.com.

When I use ldapsearch:

ldapsearch -H ldaps://ldap.jumpcloud.com:636 -v -x -b "ou=Users,o=organizationid,dc=jumpcloud,dc=com" -D "uid=bind-user,ou=Users,o=organizationid,dc=jumpcloud,dc=com" -w "bind-password" "(&(objectClass=inetOrgPerson)(memberOf=cn=ROCKET_ACCESS,ou=Users,o=organizationid,dc=jumpcloud,dc=com)(uid=username-to-search))"

I get a result back with the user I was searching for, email and all. It looks like everything is working like it should from jumpcloud.com.


The trouble I'm having is getting Rocket.Chat to work with jumpcloud.com

All suggestions I have tried do not work for jumpcloud: http://pastebin.com/sVHqFsxr

Bind Search: used every configuration I can find (see below)

Distinguished Name (DN): dc=jumpcloud,dc=com

Enable LDAP: True

LDAP Port: 389

Sync Data: True

User Data Field Map: {"cn":"uid", "mail":"email"}

LDAP URL: ldap://ldap.jumpcloud.com


I tried these all:

  • {"filter": "(&(objectclass=inetOrgPerson)(memberOf=CN=ROCKET_ACCESS,DC=jumpcloud,DC=com)(sAMAccountName=#{username}))", "userDN": "bind-username", "password": "bind-password"}
  • {"filter": "(&(objectClass=inetOrgPerson)(memberOf=cn=ROCKET_ACCESS,dc=jumpcloud,dc=com)(uid=#{username}))", "uid": "bind-username", "password": "bind-password"}
  • {"filter": "(&(uid=#{username}))","userDN": "uid=bind-username,ou=Users,o=organizationid,dc=jumpcloud,dc=com", "password": "bind-password"}

I was curious to know if anyone out there had to configure Rocket.Chat with JumpCloud. I'm using the latest version that has LDAP support.

Any sort of debugging methods would help too. They are using Meteor and all I'm getting back from the results is:

LDAP: Search on Error { [NoSuchObjectError: No Such Object]
  dn: [Getter],
  code: [Getter],
  name: [Getter],
  message: [Getter] }

which isn't very helpful when I get that for every combination.

Try specifying the accounts subtree root as your search root (confusingly, it goes as Distinguished Name (DN)) in the settings on the LDAP configuration page. For example, if all your accounts are in o=organizationid,dc=jumpcloud,dc=com, then set DN to "o=organizationid,dc=jumpcloud,dc=com".

Worked for me. I assume this is because the search is happening on the immediate subtree of the DN.
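One way to see where a Rocket.Chat attempt departs from the ldapsearch call that returned the user, as an added example that is not part of the original question or answers. The function and finding names are hypothetical, the DN handling is simplified, and each finding is a difference to review rather than a verdict.

```python
import re
from urllib.parse import urlsplit

# Values copied from the ldapsearch call in the question, which returned the user.
WORKING = {
    "url": "ldaps://ldap.jumpcloud.com:636",
    "base": "ou=Users,o=organizationid,dc=jumpcloud,dc=com",
    "bind_dn": "uid=bind-user,ou=Users,o=organizationid,dc=jumpcloud,dc=com",
    "filter": "(&(objectClass=inetOrgPerson)(memberOf=cn=ROCKET_ACCESS,ou=Users,"
              "o=organizationid,dc=jumpcloud,dc=com)(uid=username-to-search))",
}
# First Rocket.Chat attempt from the question (DN, URL and first bind-search entry).
ATTEMPT_1 = {
    "url": "ldap://ldap.jumpcloud.com",
    "base": "dc=jumpcloud,dc=com",
    "bind_dn": "bind-username",
    "filter": "(&(objectclass=inetOrgPerson)(memberOf=CN=ROCKET_ACCESS,DC=jumpcloud,"
              "DC=com)(sAMAccountName=#{username}))",
}

def norm_dn(dn):
    """Case-fold and trim each RDN (simplified: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def filter_terms(flt):
    """Map attribute -> value for the equality terms of an LDAP filter."""
    return {a.lower(): norm_dn(v)
            for a, v in re.findall(r"\(([A-Za-z]+)=([^()]*)\)", flt)}

def diff_config(candidate, working=WORKING):
    """Return finding codes where candidate departs from the working query."""
    findings = []
    if urlsplit(candidate["url"]).scheme != "ldaps":
        findings.append("cleartext-bind")      # no TLS unless StartTLS is negotiated
    if "=" not in candidate["bind_dn"]:
        findings.append("bind-not-a-dn")       # ldapsearch bound with a full DN
    if norm_dn(candidate["base"]) != norm_dn(working["base"]):
        findings.append("base-differs")
    want, got = filter_terms(working["filter"]), filter_terms(candidate["filter"])
    if got.get("memberof") != want["memberof"]:
        findings.append("group-dn-differs")    # memberOf compares whole DNs
    findings += ["unknown-attr:" + a for a in sorted(set(got) - set(want))]
    return findings

if __name__ == "__main__":
    for code in diff_config(ATTEMPT_1):
        print(code)
```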

I think you are doing it wrong here:

User Data Field Map: {"cn":"uid", "mail":"email"}

You should use:

{"cn":"name", "mail":"email"}

This will choose a person's human readable name from the cn attribute, and their email from the mail attribute.

Thanks, & Have a Nice Day.
