When groups of users are bound to the JumpCloud LDAP Directory, LDAP groups are created. Creating a user group helps you manage which users have access to specific applications, resources, and networks. User groups can save you time and ensure that each user has the appropriate level of access. For more information about JumpCloud groups, see Get Started: User Groups.
Groups will not be created in LDAP unless the group contains individual members. An LDAP user must be bound to an LDAP group in order for the LDAP group to appear in an ldapsearch.
Creating an LDAP Group
To create an LDAP group:
- Create a new user group. The group Name will correspond to its cn in groupOfNames.
- (Optional) Create a Linux Group Name and Group GID. This will correspond with the cn in the posixGroup objectClass. Linux group names are case sensitive. Some LDAP-enabled resources require this option for LDAP group presentation.
- (Optional) Enable Samba Authentication. See Configure Samba Support to Use Cloud LDAP for more information.
- On the Users tab, select the users to belong to this group.
- On the Directories tab, bind the group to LDAP by selecting JumpCloud LDAP from the list.
- Save your group.
A group configured as above will yield the following within LDAP:
The Name of the group is defined in the groupOfNames objectClass:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (&(objectClass=groupOfNames)(cn=LDAP Fileserver))
# requesting: ALL
#
# LDAP Fileserver, Users, 56f19b119508329e48e68647, jumpcloud.com
dn: cn=LDAP Fileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
cn: LDAP Fileserver
ou: LDAP Fileserver
objectClass: top
objectClass: groupOfNames
description: tagGroup
member: uid=cfroome,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
member: uid=sroche,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
member: uid=sprefontaine,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
member: uid=jvoigt,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
member: uid=nquintana,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
Optionally, if Create Linux group for this user group is selected, you must provide a name different from the above so that it is unique for the posixGroup, and also specify the desired GID. This will become a group defined in the posixGroup objectClass:
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (&(objectClass=posixGroup)(cn=ldapfileserver))
# requesting: ALL
# ldapfileserver, Users, 56f19b119508329e48e68647, jumpcloud.com
dn: cn=ldapfileserver,ou=Users,o=56f19b119508329e48e68647,dc=jumpcloud,dc=com
objectClass: top
objectClass: posixGroup
description: tagGroup
gidNumber: 7001
cn: ldapfileserver
memberUid: cfroome
memberUid: sroche
memberUid: sprefontaine
memberUid: jvoigt
memberUid: nquintana
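Some resources read the posixGroup entry rather than groupOfNames, so after binding a group it is worth confirming that both entries list the same users. The following is an added example, not JumpCloud's own code: it reads ldapsearch LDIF for both entries and prints any uid that appears in only one of them. The function names, the sample LDIF, and the EXAMPLEORGID placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example: report uids found in only one of a group's two LDAP views.
# Function names and the sample LDIF (placeholder org ID) are constructed.

# Join LDIF continuation lines: a line starting with one space continues
# the previous line, which is how ldapsearch folds long values.
ldif_unfold() {
  awk '
    /^ / { buf = buf substr($0, 2); next }
    { if (NR > 1) print buf; buf = $0 }
    END { if (NR > 0) print buf }
  '
}

# Read LDIF for both entries on stdin. Collect uids from "member: uid=..."
# (groupOfNames) and "memberUid: ..." (posixGroup), then print the uids
# that appear in only one view. No output means the two views agree.
membership_drift() {
  ldif_unfold | awk '
    /^member: uid=/ { u = $0; sub(/^member: uid=/, "", u); sub(/,.*/, "", u); names[u] = 1 }
    /^memberUid: /  { u = $0; sub(/^memberUid: /, "", u); posix[u] = 1 }
    END {
      for (u in names) if (!(u in posix)) print "groupOfNames-only " u
      for (u in posix) if (!(u in names)) print "posixGroup-only " u
    }
  ' | sort
}

# Constructed sample: carol is folded mid-uid, dave exists only in posixGroup.
sample_ldif() {
  cat <<'EOF'
dn: cn=LDAP Fileserver,ou=Users,o=EXAMPLEORGID,dc=jumpcloud,dc=com
objectClass: groupOfNames
member: uid=alice,ou=Users,o=EXAMPLEORGID,dc=jumpcloud,dc=com
member: uid=bob,ou=Users,o=EXAMPLEORGID,dc=jumpcloud,dc=com
member: uid=car
 ol,ou=Users,o=EXAMPLEORGID,dc=jumpcloud,dc=com

dn: cn=ldapfileserver,ou=Users,o=EXAMPLEORGID,dc=jumpcloud,dc=com
objectClass: posixGroup
gidNumber: 7001
memberUid: alice
memberUid: bob
memberUid: dave
EOF
}

sample_ldif | membership_drift
```

To use it against a live directory, pipe the ldapsearch output for both the groupOfNames and posixGroup entries into membership_drift in place of sample_ldif.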
Note: If you need to rename an LDAP user group, see Renaming an LDAP Group below.
Renaming an LDAP Group
When a group of users is bound to the JumpCloud LDAP directory, an LDAP group is created. If you made an error when you created the group or something has changed within your organization, you can rename the group. After you rename the group in the Admin Portal, you must also run a cURL request to finish renaming the user group.
Prerequisites:
- The user group must exist and be bound to an LDAP directory before you can rename it.
- The cURL package must be installed.
- You will need the user group ID. See List All User Groups.
When using the GET /usergroups API to get the user group ID, the default limit is 10 records returned. To see more groups in your return results, modify the limit parameter. The maximum number of record entries is limited to 100.
To rename an LDAP user group:
- Log in to the JumpCloud Admin Portal.
- Go to User Management > User Groups.
- On the User Group panel, click User Groups.
- Select the user group.
- Rename the user group by typing a new name in the Name field. The new name appears in the Portal, but is not actually linked to the new user group name yet.
- Click save.
- Copy the cURL command below.
- Open the terminal and paste the command with the required values.
curl --request PUT 'https://console.jumpcloud.com/api/v2/usergroups/<USERGROUPID>' \
--header 'Content-Type: application/json' \
--header 'x-api-key: <API_Key>' \
--header 'x-org-id: <ORG_ID>' \
--data-raw '{"attributes":{"ldapGroups":[{"name":"<DESIREDLDAPGROUPNAME>"}]},"email":"","id":"","name":"","type":"user_group"}'
Replace the values for USERGROUPID, API_Key, ORG_ID, and the new DESIREDLDAPGROUPNAME.
- Verify that the new LDAP user group name appears in the Admin Portal.