Integrating Active Directory (AD), and LDAP with UniFi Fabrics

UniFi Fabrics allow you to centrally manage people and permissions by integrating with Active Directory (AD), LDAP, and JumpCloud as an Identity Provider (IdP). This enables secure, SAML-based authentication and automated user lifecycle management across UniFi services such as WiFi, VPN, and Door Access via the Identity Endpoint app.

For a list of other supported Identity Providers, see Binding an Identity Provider (IdP) To A UniFi Fabric.

Requirements

• A Fabric with Consolidated People Management enabled. For more information, see Getting Started with UniFi Fabrics.
• Domain Admin credentials for the AD Domain.
• Access to all Domain Controllers (DCs) or member servers within your AD domain.

AD Integration

1. Go to Site Manager.
2. Select a Fabric.
3. Navigate to Settings > Identity.
4. Enable Consolidated People Management and wait for the Identity Sync Service to set up.
5. Select Active Directory from the list of IdPs to bind.
6. Click Proceed.
7. Enter the AD server Hostname or IP address, which can be obtained by running the following command in your domain controller: nslookup your-domain.com.
   1. Port 389 must be used.
8. (Optional) Enable Use SSL Connection based on your AD server’s security protocol.
9. Enter the Base DN, which can be obtained by running the following command in your domain controller: dsquery * "DC=example,DC=com" -scope base.
10. Enter your Username and Password.
11. Click Apply Changes.
12. Choose whether to import all users or select specific organizational units (OUs).
13. (Optional) Configure Identity Endpoint Services to streamline how people interact with UniFi services such as WiFi, VPN, and Access Control.

LDAP Integration

1. Go to Site Manager.
2. Select a Fabric.
3. Navigate to Settings > Identity.
4. Enable Consolidated People Management and wait for the Identity Sync Service to set up.
5. Select LDAP from the list of IdPs to bind.
6. Click Proceed.
7. Enter the LDAP server Hostname or IP address, which can be obtained by running the following command: /etc/ldap/ldap.conf or /etc/openldap/ldap.conf.
   1. The standard LDAP port is 389, while LDAP over SSL/TLS (LDAPS) is port 636.
8. (Optional) Enable Use SSL Connection based on your LDAP server’s security protocol.
9. Enter the Root DN, which can be obtained by running the following command: cat /etc/ldap/slapd.conf | grep suffix.
10. Enter the Bind DN, which can be obtained from the olcRootDN in the configuration file using the following command: sudo cat /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif | grep olcRootDN.
11. Enter the Password.
12. Click Apply Changes.
13. Choose whether to import all users or select specific organizational units (OUs).
14. (Optional) Configure Identity Endpoint Services to streamline how people interact with UniFi services such as WiFi, VPN, and Access Control.

JumpCloud LDAP Integration

1. Go to Site Manager.
2. Select a Fabric.
3. Navigate to Settings > Identity.
4. Enable Consolidated People Management and wait for the Identity Sync Service to set up.
5. Select JumpCloud LDAP from the list of IdPs to bind.
6. Click Proceed.
7. Confirm the Hostname.
8. Enter the ORG DN, obtained from the JumpCloud Admin Portal > USER AUTHENTICATION > LDAP > Details > ORG DN.
   
9.  Enter the Bind DN, which is the LDAP Distinguished Name of the user who is allowed to search the base DN. This can be obtained from Jumpcloud Admin Portal USER Management > Users > select the binding user > Details. 
   E.g., uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
   
10. Enter the Password of the Bind User.
11. Click Apply Changes.
12. Choose whether to import all users or select specific organizational units (OUs).
13. (Optional) Configure Identity Endpoint Services to streamline how people interact with UniFi services such as WiFi, VPN, and Access Control.