Configuring Snipe-IT to use JumpCloud LDAP



  • Has anyone done this yet? Wondering what your settings look like if you did. Mine are as follows and not working.

    LDAP Integration - Yes
    Active Directory - No
    LDAP Password Sync - Yes
    Active Directory domain - jumpcloud.com
    LDAP Server - ldaps://ldap.jumpcloud.com:636
    Use TLS - No
    LDAP SSL certificate validation - No
    LDAP Bind Username - username
    LDAP Bind Password - ****
    Base Bind DN - ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com
    LDAP Filter -
    Username Field - samaccountname
    Last Name - sn
    LDAP First Name - givenname
    LDAP Authentication query - uid=samaccountname
    LDAP Version - 3
    LDAP Active Flag -
    LDAP Employee Number -
    LDAP Email - mail



  • @larsen161 said in Configuring Snipe-IT to use JumpCloud LDAP:

    Base Bind DN - ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com

    I've also adjusted the following to use this value, but no change, still fails
    Base Bind DN - uid=username,ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com



  • ok, so reading into the documentation helped to get the Test LDAP Sync to a success. 🙂
    UPDATE: Tweaked to get Test LDAP Login to be a success now 🙂

    LDAP Integration - Yes
    Active Directory - No
    LDAP Password Sync - Yes
    Active Directory domain -
    LDAP Server - ldaps://ldap.jumpcloud.com
    Use TLS - No
    LDAP SSL certificate validation - No
    LDAP Bind Username - uid=username,ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com
    LDAP Bind Password - ****
    Base Bind DN - ou=Users,o=id-of-our-org,dc=jumpcloud,dc=com
    LDAP Filter - &(objectClass=groupOfNames)(?memberOf=*)
    Username Field - uid
    Last Name - sn
    LDAP First Name - cn
    LDAP Authentication query - uid=
    LDAP Version - 3
    LDAP Active Flag -
    LDAP Employee Number -
    LDAP Email - mail



  • @larsen161 Nicely done!



  • Great!



  • @larsen161 This reminded me setting up Barracuda with Zimbra LDAP.



  • I'm stuck on this now too. Ive replicated your settings with no joy. Ive used this user to bind elsewhere, so thats not the issue. Any other ideas of where to look?



  • @techincolor said in SOLVED: Configuring Snipe-IT to use JumpCloud LDAP:

    I'm stuck on this now too. Ive replicated your settings with no joy. Ive used this user to bind elsewhere, so thats not the issue. Any other ideas of where to look?

    For JumpCloud? Anything blocking traffic on that network?



  • @scottalanmiller You're so smart! Cheers.



  • @techincolor said in SOLVED: Configuring Snipe-IT to use JumpCloud LDAP:

    @scottalanmiller You're so smart! Cheers.

    LOL, I assume that that means that that fixed it?



  • @scottalanmiller indeed. Now, if only I could get the synced ldap users to be able to log in.



  • @techincolor said in SOLVED: Configuring Snipe-IT to use JumpCloud LDAP:

    @scottalanmiller indeed. Now, if only I could get the synced ldap users to be able to log in.

    That would probably make things easier. Any error messages?



  • @reid-cooper 2017-11-07 17:01:37] production.DEBUG: Local authentication failed.
    debug
    [2017-11-07 17:01:37] production.DEBUG: Authenticating user against database.
    debug
    [2017-11-07 17:01:37] production.ERROR: There was an error authenticating the LDAP user: Could not f...
    error

    I've tired changing the filter and the Auth query.



  • @techincolor how did you get the users to sync into snipe. I've not been able to get that working yet. Tried once and then haven't had a chance to go back to it. The docs say that php-ldap extension needs to be installed but I didn't find how to install the extension.

    i'm on centos

    $ sudo yum install php-ldap
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: mirror.rackspace.com
     * epel: mirror.us.leaseweb.net
     * extras: mirrors.lga7.us.voxel.net
     * ius: lon.mirror.rackspace.com
     * updates: mirror.rackspace.com
    Resolving Dependencies
    --> Running transaction check
    ---> Package php-ldap.x86_64 0:5.4.16-42.el7 will be installed
    --> Processing Dependency: php-common(x86-64) = 5.4.16-42.el7 for package: php-ldap-5.4.16-42.el7.x86_64
    --> Running transaction check
    ---> Package php-common.x86_64 0:5.4.16-42.el7 will be installed
    --> Processing Dependency: libzip.so.2()(64bit) for package: php-common-5.4.16-42.el7.x86_64
    --> Running transaction check
    ---> Package libzip.x86_64 0:0.10.1-8.el7 will be installed
    --> Processing Conflict: php71u-common-7.1.10-2.ius.centos7.x86_64 conflicts php-common < 7.1.10-2.ius.centos7
    --> Processing Conflict: php71u-json-7.1.10-2.ius.centos7.x86_64 conflicts php-json < 7.1.10-2.ius.centos7
    --> Processing Conflict: php71u-ldap-7.1.10-2.ius.centos7.x86_64 conflicts php-ldap < 7.1.10-2.ius.centos7
    --> Finished Dependency Resolution
    Error: php71u-json conflicts with php-common-5.4.16-42.el7.x86_64
    Error: php71u-ldap conflicts with php-ldap-5.4.16-42.el7.x86_64
    Error: php71u-common conflicts with php-common-5.4.16-42.el7.x86_64
     You could try using --skip-broken to work around the problem
     You could try running: rpm -Va --nofiles --nodigest 
    


  • @techincolor what are you using for the LDAP Search OU in the Location? Mine is currently:

    (&(objectClass=inetOrgPerson)(memberOf=cn=UK,ou=Users,o=<org>,dc=jumpcloud,dc=com))
    
    (1/1) ErrorException
    ldap_search(): Search: Bad search filter
    
    in Ldap.php (line 262)
    at HandleExceptions->handleError(2, 'ldap_search(): Search: Bad search filter', '/var/www/html/snipeit/app/Models/Ldap.php', 262, array('base_dn' => 'ou=Users,o=<my-org-id>,dc=jumpcloud,dc=com', 'ldapconn' => resource, 'ldap_bind' => null, 'filter' => '&(objectClass=groupOfNames)(?memberOf=*)', 'page_size' => 500, 'cookie' => '', 'result_set' => array(), 'global_count' => 0, 'ldap_paging' => true))
    at ldap_search(resource, 'ou=Users,o=<my-org-id>,dc=jumpcloud,dc=com', '(&(objectClass=groupOfNames)(?memberOf=*))')
    in Ldap.php (line 262)
    at Ldap::findLdapUsers()
    in LdapSync.php (line 70)
    at LdapSync->handle()
    at call_user_func_array(array(object(LdapSync), 'handle'), array())
    in BoundMethod.php (line 29)
    at BoundMethod::Illuminate\Container\{closure}()
    in BoundMethod.php (line 87)
    at BoundMethod::callBoundMethod(object(Application), array(object(LdapSync), 'handle'), object(Closure))
    in BoundMethod.php (line 31)
    at BoundMethod::call(object(Application), array(object(LdapSync), 'handle'), array(), null)
    in Container.php (line 539)
    at Container->call(array(object(LdapSync), 'handle'))
    in Command.php (line 182)
    at Command->execute(object(ArrayInput), object(OutputStyle))
    in Command.php (line 264)
    at Command->run(object(ArrayInput), object(OutputStyle))
    in Command.php (line 167)
    at Command->run(object(ArrayInput), object(BufferedOutput))
    in Application.php (line 888)
    at Application->doRunCommand(object(LdapSync), object(ArrayInput), object(BufferedOutput))
    in Application.php (line 224)
    at Application->doRun(object(ArrayInput), object(BufferedOutput))
    in Application.php (line 125)
    at Application->run(object(ArrayInput), object(BufferedOutput))
    in Application.php (line 141)
    at Application->call('snipeit:ldap-sync', object(Collection), null)
    in Kernel.php (line 220)
    at Kernel->call('snipeit:ldap-sync', array('--location_id' => '1', '--json_summary' => true))
    in Facade.php (line 221)
    at Facade::__callStatic('call', array('snipeit:ldap-sync', array('--location_id' => '1', '--json_summary' => true)))
    in UsersController.php (line 1035)
    at UsersController->postLDAP(object(Request))
    at call_user_func_array(array(object(UsersController), 'postLDAP'), array(object(Request)))
    in Controller.php (line 55)
    at Controller->callAction('postLDAP', array(object(Request)))
    in ControllerDispatcher.php (line 44)
    at ControllerDispatcher->dispatch(object(Route), object(UsersController), 'postLDAP')
    in Route.php (line 203)
    at Route->runController()
    in Route.php (line 160)
    at Route->run()
    in Router.php (line 572)
    at Router->Illuminate\Routing\{closure}(object(Request))
    in Pipeline.php (line 30)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in Authenticate.php (line 43)
    at Authenticate->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in CreateFreshApiToken.php (line 49)
    at CreateFreshApiToken->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in CheckForTwoFactor.php (line 38)
    at CheckForTwoFactor->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in CheckLocale.php (line 42)
    at CheckLocale->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in VerifyCsrfToken.php (line 65)
    at VerifyCsrfToken->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in AddQueuedCookiesToResponse.php (line 37)
    at AddQueuedCookiesToResponse->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in EncryptCookies.php (line 59)
    at EncryptCookies->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in Pipeline.php (line 102)
    at Pipeline->then(object(Closure))
    in Router.php (line 574)
    at Router->runRouteWithinStack(object(Route), object(Request))
    in Router.php (line 533)
    at Router->dispatchToRoute(object(Request))
    in Router.php (line 511)
    at Router->dispatch(object(Request))
    in Kernel.php (line 176)
    at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
    in Pipeline.php (line 30)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in Debugbar.php (line 51)
    at Debugbar->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in CheckForDebug.php (line 25)
    at CheckForDebug->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in TrustProxies.php (line 56)
    at TrustProxies->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in CheckForSetup.php (line 27)
    at CheckForSetup->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in NosniffGuard.php (line 17)
    at NosniffGuard->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in ContentSecurityPolicyHeader.php (line 18)
    at ContentSecurityPolicyHeader->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in ReferrerPolicyHeader.php (line 17)
    at ReferrerPolicyHeader->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in XssProtectHeader.php (line 18)
    at XssProtectHeader->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in FrameGuard.php (line 17)
    at FrameGuard->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in ShareErrorsFromSession.php (line 49)
    at ShareErrorsFromSession->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in StartSession.php (line 64)
    at StartSession->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in CheckForMaintenanceMode.php (line 46)
    at CheckForMaintenanceMode->handle(object(Request), object(Closure))
    in Pipeline.php (line 148)
    at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
    in Pipeline.php (line 53)
    at Pipeline->Illuminate\Routing\{closure}(object(Request))
    in Pipeline.php (line 102)
    at Pipeline->then(object(Closure))
    in Kernel.php (line 151)
    at Kernel->sendRequestThroughRouter(object(Request))
    in Kernel.php (line 116)
    at Kernel->handle(object(Request))
    in index.php (line 58)
    


  • @larsen161 said in Configuring Snipe-IT to use JumpCloud LDAP:

    memberOf=cn=UK,ou=Users,o=<org>,dc=jumpcloud,dc=com)

    I ended up removing the LDAP Search OU on the Locations and got the users to sync. Login is also working for the users.

    So the nice to have would be getting the Locations to filter each person based on the Group they are a member of in JumpCloud.