
Integrate LDAP authentication

About LDAP

Lightweight Directory Access Protocol (LDAP) is an open protocol used for accessing and managing distributed directory information. It is commonly used for centralized authentication and directory services, such as storing user accounts, permissions, and organizational structure information. LDAP is widely applied in enterprise identity management, single sign-on (SSO), and access control systems.

A Distinguished Name (DN) is the unique identifier of an entry in an LDAP directory, similar to a file path in a filesystem, for example "cn=admin,ou=Users,dc=example,dc=com".

An Organizational Unit (OU) is used to organize and manage objects in an LDAP directory, similar to a folder in a file system. For example, an organization may have multiple OUs, such as "ou=HR" and "ou=IT", to separate the users and resources of different departments.

How to configure

1

In the upper-right corner of any page in JumpServer, click the settings icon.
2

Navigate to System settings > Authentication > LDAP.

3

Check the LDAP field to enable LDAP authentication.

4

In the Server field, type the LDAP server URI, such as "ldap://example.com:389" or "ldaps://example.com:636".

Tip

To configure LDAP TLS certificates, upload the files "ldap_ca.pem", "ldap_cert.pem" and "ldap_cert.key" to the directory "/data/jumpserver/core/data/certs", then restart the service.

5

In the Bind DN field, type the DN of a user with at least query permissions, such as "cn=admin,dc=example,dc=com". This account is used to query and filter users.

6

In the Password field, type the password for the "Bind DN" user.

7

In the Search OU field, type the OU where the user search starts. Use | to separate multiple values, such as "ou=users,dc=example,dc=com | ou=tech,dc=example,dc=com".

8

In the Search filter field, type the filter expression used to search for LDAP users. By default, the expression is "(cn=%(user)s)", where "%(user)s" is a Python-style placeholder. During filtering it is replaced with *, giving "(cn=*)", which matches all users. Replace "cn" with the attribute that actually holds the username in your directory, such as "uid" or "sAMAccountName".

9

In the User attribute field, type the user attribute mapping. Each key is a JumpServer user attribute name (available options: name, username, email, groups, phone, comment) and each value is the name of the corresponding LDAP user attribute.

LDAP User Attribute Example
{
  "name": "cn",
  "email": "mail",
  "username": "cn",
  "groups": "memberOf"
}
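
As an added illustration (not JumpServer's own code), the following Python shows how the settings in steps 7 to 9 fit together: the "|"-separated Search OU list, the "(cn=%(user)s)" filter rendered both for the all-users case and for a single username, and the User attribute mapping applied to a constructed directory entry. It escapes the username per RFC 4515 before substitution; whether JumpServer does this internally is not stated on this page, so that part is the example's own choice.

```python
from typing import Optional

# Constructed sample values mirroring the settings described on this page.
SEARCH_FILTER = "(cn=%(user)s)"
SEARCH_OU = "ou=users,dc=example,dc=com | ou=tech,dc=example,dc=com"
USER_ATTR_MAP = {"name": "cn", "email": "mail", "username": "cn", "groups": "memberOf"}

# RFC 4515 escapes for characters that carry meaning inside a filter value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value before placing it in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, user: Optional[str] = None) -> str:
    """Render the Search filter template using Python's "%(user)s" mapping syntax.

    user=None yields "*" (the page's "all users" case); a real username is
    escaped so it cannot change the structure of the filter.
    """
    value = "*" if user is None else escape_filter_value(user)
    return template % {"user": value}


def split_search_ous(field: str) -> list:
    """Split the "|"-separated Search OU field into the base DNs to search."""
    return [ou.strip() for ou in field.split("|") if ou.strip()]


def map_entry(entry: dict, attr_map: dict) -> dict:
    """Apply the User attribute mapping (JumpServer field -> LDAP attribute)."""
    return {field: entry.get(ldap_attr) for field, ldap_attr in attr_map.items()}


# Constructed LDAP entry, shaped like one search result.
SAMPLE_ENTRY = {
    "cn": "alice",
    "mail": "alice@example.com",
    "memberOf": ["cn=tech,ou=groups,dc=example,dc=com"],
}

if __name__ == "__main__":
    print(render_filter(SEARCH_FILTER))               # (cn=*)
    print(render_filter(SEARCH_FILTER, "Smith (IT)"))  # parentheses are escaped
    print(split_search_ous(SEARCH_OU))
    print(map_entry(SAMPLE_ENTRY, USER_ATTR_MAP))
```
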

10

In the Connect timeout (s) field, type the LDAP connection timeout in seconds.

11

In the Search paged size (piece) field, type the page size for searching users.

12

In the User DN cache timeout (s) field, type how long, in seconds, user DNs are cached to speed up login authentication. If a user's DN changes, submit the form to clear the cache; otherwise authentication will fail.

13

Click Submit.

Test LDAP connection

1

In the upper-right corner of any page in JumpServer, click the settings icon.
2

Navigate to System settings > Authentication > LDAP.

3

Scroll to the bottom of the page.

4

Click Test connection.

Test LDAP user login

1

In the upper-right corner of any page in JumpServer, click the settings icon.
2

Navigate to System settings > Authentication > LDAP.

3

Make sure the LDAP configuration has been completed and tested successfully.

4

Scroll to the bottom of the page.

5

Click Test login.

6

In the popup, type the username and password of the LDAP user.

7

Click Confirm.

Import LDAP users

1

In the upper-right corner of any page in JumpServer, click the settings icon.
2

Navigate to System settings > Authentication > LDAP.

3

Make sure the LDAP configuration has been completed and tested successfully.

4

Scroll to the bottom of the page.

5

Click User import.

6

In the popup, import LDAP users as follows.

1

Click Sync Users to sync LDAP users to the table.

2

In the Import organization field, select one or more organizations to import.

3

Check the users you want to import, then click Import to proceed.

4

Alternatively, you can click Import all to import all users.


Set up LDAP user sync

1

In the upper-right corner of any page in JumpServer, click the settings icon.
2

Navigate to System settings > Authentication > LDAP.

3

Make sure the LDAP configuration has been completed and tested successfully.

4

Scroll to the bottom of the page.

5

Click Sync settings.

6

In the popup, fill in the following fields.

1

In the Organization field, select one or more organizations to sync.

2

In the Periodic field, check to enable periodic sync.

3

In the Crontab field, type a crontab expression. If it is empty, the Interval value is used instead.

4

In the Interval field, type the sync interval in hours. If Crontab has a value, Crontab takes priority over Interval.

5

In the Recipients field, select one or more users to receive the sync result.

6

Click Confirm.
