Configuring Snipe-IT to use JumpCloud LDAP

larsen161

@larsen161 said in Configuring Snipe-IT to use JumpCloud LDAP:

Base Bind DN - ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com

I've also adjusted the following to use this value, but no change, still fails
Base Bind DN - uid=username,ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com

larsen161

ok, so reading into the documentation helped to get the Test LDAP Sync to a success.
UPDATE: Tweaked to get Test LDAP Login to be a success now

LDAP Integration - Yes
Active Directory - No
LDAP Password Sync - Yes
Active Directory domain -
LDAP Server - ldaps://ldap.jumpcloud.com
Use TLS - No
LDAP SSL certificate validation - No
LDAP Bind Username - uid=username,ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com
LDAP Bind Password - ****
Base Bind DN - ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com
LDAP Filter - &(objectClass=groupOfNames)(?memberOf=*)
Username Field - uid
Last Name - sn
LDAP First Name - cn
LDAP Authentication query - uid=
LDAP Version - 3
LDAP Active Flag -
LDAP Employee Number -
LDAP Email - mail

dbeato

@larsen161 Nicely done!

scottalanmiller

Great!

dbeato

@larsen161 This reminded me setting up Barracuda with Zimbra LDAP.

techincolor

I'm stuck on this now too. Ive replicated your settings with no joy. Ive used this user to bind elsewhere, so thats not the issue. Any other ideas of where to look?

scottalanmiller

@techincolor said in SOLVED: Configuring Snipe-IT to use JumpCloud LDAP:

I'm stuck on this now too. Ive replicated your settings with no joy. Ive used this user to bind elsewhere, so thats not the issue. Any other ideas of where to look?

For JumpCloud? Anything blocking traffic on that network?

techincolor

@scottalanmiller You're so smart! Cheers.

scottalanmiller

@techincolor said in SOLVED: Configuring Snipe-IT to use JumpCloud LDAP:

@scottalanmiller You're so smart! Cheers.

LOL, I assume that that means that that fixed it?

techincolor

@scottalanmiller indeed. Now, if only I could get the synced ldap users to be able to log in.

Reid Cooper

@techincolor said in SOLVED: Configuring Snipe-IT to use JumpCloud LDAP:

@scottalanmiller indeed. Now, if only I could get the synced ldap users to be able to log in.

That would probably make things easier. Any error messages?

techincolor

@reid-cooper 2017-11-07 17:01:37] production.DEBUG: Local authentication failed.
debug
[2017-11-07 17:01:37] production.DEBUG: Authenticating user against database.
debug
[2017-11-07 17:01:37] production.ERROR: There was an error authenticating the LDAP user: Could not f...
error

I've tired changing the filter and the Auth query.

larsen161

@techincolor how did you get the users to sync into snipe. I've not been able to get that working yet. Tried once and then haven't had a chance to go back to it. The docs say that php-ldap extension needs to be installed but I didn't find how to install the extension.

i'm on centos

$ sudo yum install php-ldap
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.rackspace.com
 * epel: mirror.us.leaseweb.net
 * extras: mirrors.lga7.us.voxel.net
 * ius: lon.mirror.rackspace.com
 * updates: mirror.rackspace.com
Resolving Dependencies
--> Running transaction check
---> Package php-ldap.x86_64 0:5.4.16-42.el7 will be installed
--> Processing Dependency: php-common(x86-64) = 5.4.16-42.el7 for package: php-ldap-5.4.16-42.el7.x86_64
--> Running transaction check
---> Package php-common.x86_64 0:5.4.16-42.el7 will be installed
--> Processing Dependency: libzip.so.2()(64bit) for package: php-common-5.4.16-42.el7.x86_64
--> Running transaction check
---> Package libzip.x86_64 0:0.10.1-8.el7 will be installed
--> Processing Conflict: php71u-common-7.1.10-2.ius.centos7.x86_64 conflicts php-common < 7.1.10-2.ius.centos7
--> Processing Conflict: php71u-json-7.1.10-2.ius.centos7.x86_64 conflicts php-json < 7.1.10-2.ius.centos7
--> Processing Conflict: php71u-ldap-7.1.10-2.ius.centos7.x86_64 conflicts php-ldap < 7.1.10-2.ius.centos7
--> Finished Dependency Resolution
Error: php71u-json conflicts with php-common-5.4.16-42.el7.x86_64
Error: php71u-ldap conflicts with php-ldap-5.4.16-42.el7.x86_64
Error: php71u-common conflicts with php-common-5.4.16-42.el7.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest 

larsen161

@techincolor what are you using for the LDAP Search OU in the Location? Mine is currently:

(&(objectClass=inetOrgPerson)(memberOf=cn=UK,ou=Users,o=<org>,dc=jumpcloud,dc=com))

(1/1) ErrorException
ldap_search(): Search: Bad search filter

in Ldap.php (line 262)
at HandleExceptions->handleError(2, 'ldap_search(): Search: Bad search filter', '/var/www/html/snipeit/app/Models/Ldap.php', 262, array('base_dn' => 'ou=Users,o=<my-org-id>,dc=jumpcloud,dc=com', 'ldapconn' => resource, 'ldap_bind' => null, 'filter' => '&(objectClass=groupOfNames)(?memberOf=*)', 'page_size' => 500, 'cookie' => '', 'result_set' => array(), 'global_count' => 0, 'ldap_paging' => true))
at ldap_search(resource, 'ou=Users,o=<my-org-id>,dc=jumpcloud,dc=com', '(&(objectClass=groupOfNames)(?memberOf=*))')
in Ldap.php (line 262)
at Ldap::findLdapUsers()
in LdapSync.php (line 70)
at LdapSync->handle()
at call_user_func_array(array(object(LdapSync), 'handle'), array())
in BoundMethod.php (line 29)
at BoundMethod::Illuminate\Container\{closure}()
in BoundMethod.php (line 87)
at BoundMethod::callBoundMethod(object(Application), array(object(LdapSync), 'handle'), object(Closure))
in BoundMethod.php (line 31)
at BoundMethod::call(object(Application), array(object(LdapSync), 'handle'), array(), null)
in Container.php (line 539)
at Container->call(array(object(LdapSync), 'handle'))
in Command.php (line 182)
at Command->execute(object(ArrayInput), object(OutputStyle))
in Command.php (line 264)
at Command->run(object(ArrayInput), object(OutputStyle))
in Command.php (line 167)
at Command->run(object(ArrayInput), object(BufferedOutput))
in Application.php (line 888)
at Application->doRunCommand(object(LdapSync), object(ArrayInput), object(BufferedOutput))
in Application.php (line 224)
at Application->doRun(object(ArrayInput), object(BufferedOutput))
in Application.php (line 125)
at Application->run(object(ArrayInput), object(BufferedOutput))
in Application.php (line 141)
at Application->call('snipeit:ldap-sync', object(Collection), null)
in Kernel.php (line 220)
at Kernel->call('snipeit:ldap-sync', array('--location_id' => '1', '--json_summary' => true))
in Facade.php (line 221)
at Facade::__callStatic('call', array('snipeit:ldap-sync', array('--location_id' => '1', '--json_summary' => true)))
in UsersController.php (line 1035)
at UsersController->postLDAP(object(Request))
at call_user_func_array(array(object(UsersController), 'postLDAP'), array(object(Request)))
in Controller.php (line 55)
at Controller->callAction('postLDAP', array(object(Request)))
in ControllerDispatcher.php (line 44)
at ControllerDispatcher->dispatch(object(Route), object(UsersController), 'postLDAP')
in Route.php (line 203)
at Route->runController()
in Route.php (line 160)
at Route->run()
in Router.php (line 572)
at Router->Illuminate\Routing\{closure}(object(Request))
in Pipeline.php (line 30)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in Authenticate.php (line 43)
at Authenticate->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in CreateFreshApiToken.php (line 49)
at CreateFreshApiToken->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in CheckForTwoFactor.php (line 38)
at CheckForTwoFactor->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in CheckLocale.php (line 42)
at CheckLocale->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in VerifyCsrfToken.php (line 65)
at VerifyCsrfToken->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in AddQueuedCookiesToResponse.php (line 37)
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in EncryptCookies.php (line 59)
at EncryptCookies->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in Pipeline.php (line 102)
at Pipeline->then(object(Closure))
in Router.php (line 574)
at Router->runRouteWithinStack(object(Route), object(Request))
in Router.php (line 533)
at Router->dispatchToRoute(object(Request))
in Router.php (line 511)
at Router->dispatch(object(Request))
in Kernel.php (line 176)
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
in Pipeline.php (line 30)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in Debugbar.php (line 51)
at Debugbar->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in CheckForDebug.php (line 25)
at CheckForDebug->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in TrustProxies.php (line 56)
at TrustProxies->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in CheckForSetup.php (line 27)
at CheckForSetup->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in NosniffGuard.php (line 17)
at NosniffGuard->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in ContentSecurityPolicyHeader.php (line 18)
at ContentSecurityPolicyHeader->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in ReferrerPolicyHeader.php (line 17)
at ReferrerPolicyHeader->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in XssProtectHeader.php (line 18)
at XssProtectHeader->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in FrameGuard.php (line 17)
at FrameGuard->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in ShareErrorsFromSession.php (line 49)
at ShareErrorsFromSession->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in StartSession.php (line 64)
at StartSession->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in CheckForMaintenanceMode.php (line 46)
at CheckForMaintenanceMode->handle(object(Request), object(Closure))
in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing\{closure}(object(Request))
in Pipeline.php (line 102)
at Pipeline->then(object(Closure))
in Kernel.php (line 151)
at Kernel->sendRequestThroughRouter(object(Request))
in Kernel.php (line 116)
at Kernel->handle(object(Request))
in index.php (line 58)

larsen161

@larsen161 said in Configuring Snipe-IT to use JumpCloud LDAP:

memberOf=cn=UK,ou=Users,o=<org>,dc=jumpcloud,dc=com)

I ended up removing the LDAP Search OU on the Locations and got the users to sync. Login is also working for the users.

So the nice to have would be getting the Locations to filter each person based on the Group they are a member of in JumpCloud.

AdminEvo

Hi,

I'm having error "Unable to find user in LDAP directory" upon doing test login. But whenever I tried to make my account LDAP bind DN enabled, the login went thru. Is it required that all users should be LDAP Binded?

warren.stanley

@AdminEvo I've found the JumpCloud docs (previously - not sure at the moment of this post, same for Synology docs) to be confusing on this front. I had issues with Synology services and JumpCloud LDAP. Turns out you need to bind every user individually (whom you wish to access things via JumpCloud LDAP). I had incorrectly assumed that I could propagate LDAP via enabling the JumpCloud LDAP option for desired JumpCloud User Groups. I would only get listings of users, but no individual logins worked - corrected via manually enabling bind on each user.

Note - ignore the password expired, it's a test account.