Cloud Gateways Switching WiFi Camera Security Door Access Integrations Accessory Tech Identity
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
User
Sign Up UniFi Site Manager
Help Center Help Articles Professional Phone Support Professional Integrators Community RMA & Warranty Downloads Tech Specs
Cloud Gateways Switching WiFi Camera Security Door Access Integrations Accessory Tech Identity

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UISP Design Center
  1. Ubiquiti Help Center
  2. UniFi
  3. Organization Manager

Integrating Active Directory and LDAP with Identity Hub

UniFi Identity Hub provides seamless identity and access management (IAM) by integrating with Active Directory (AD) or Lightweight Directory Access Protocol (LDAP). This allows users to authenticate using their existing domain credentials—enabling centralized user, group, and password management across your UniFi Organization. Once integrated, users can access services such as VPN, WiFi, and Door Access through the Identity Endpoint App, using their directory-based login credentials.

If you have not done so yet, start by Creating an Identity Hub for Your Organization.

Integrating Identity Hub with Active Directory

Requirements

  • Domain Admin credentials for the AD Domain.
  • Access to all Domain Controllers (DCs) or member servers within your AD domain.

AD Integration

  1. Ensure that you have set up Identity Hub. Learn more
  2. Fill in the required AD information:
    • AD server: Enter your AD server’s hostname or IP address. To obtain it, run the following command in your domain controller: nslookup your-domain.com
    • Port: Currently, we only support 389 port.
    • Use SSL Connection: Tick the checkbox based on your AD server’s security protocol.
    • Base DN: Enter your AD distinguished name. 
      • To obtain it, run the following command in your domain controller: dsquery * "DC=example,DC=com" -scope base
      • Example output: distinguishedName: DC=example,DC=com
    • Username and password: Enter your AD domain admin credentials. 
      • To obtain your username, run the following command in your domain controller: dsquery user -name [NAME].
      • Example output: CN=Administrator,CN=Users,DC=example,DC=com
  3. Click Next.
  4. Choose whether to import all users or select specific organizational units (OUs).

  1. Click Finish.

Integrating Identity Hub with LDAP

  1. Ensure that you have finished the steps here.
  2. Fill in the required LDAP information:
    • LDAP server: Enter the LDAP server address. To obtain it, run the command:  /etc/ldap/ldap.conf or /etc/openldap/ldap.conf.
    • Port: The standard LDAP port for unencrypted communication is 389, while the secure version, LDAP over SSL/TLS (LDAPS), uses port 636.
    • Use SSL Connection: Tick the checkbox based on your LDAP server’s security protocol.
    • Root DN: The Root DN represents the top level of your LDAP directory structure.
      • Run the following command in Command Prompt: cat /etc/ldap/slapd.conf | grep suffix
      • Example output: suffix "dc=example,dc=com"
    • Bind DN: The Bind DN is the user that authenticates LDAP queries.
      • Check the olcRootDN in the configuration file: sudo cat /etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif | grep olcRootDN
      • Example output: olcRootDN: cn=admin,dc=example,dc=com

Integrating Identity Hub with JumpCloud LDAP

  1. Ensure that you have finished the steps here.
  2. Fill in the required LDAP information:
    • ORG DN: Your domain in DN format. You can find it in the JumpCloud Admin Portal>USER AUTHENTICATION>LDAP>Details>ORG DN.

  • Bind DN: The LDAP Distinguished Name of the user who is allowed to search the base DN.
    •  Example: uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com

    • Learn more about Creating a Binding User below

  • Password: The password of the binding user.
  1. Click Next.
  2. Choose whether to import all users or select specific organizational units (OUs).
  3. Click Finish.

Creating a Binding User

  1. Sign in to the JumpCloud Admin Portal.
  2. Go to User Management>Users
  3. Click “+” icon >Manual user entry
  4. Input User Information:
    • First Name
    • Last Name
    • (Required) Username
    • (Required) Company Email
    • Description
  5. Under User Security Settings and Permission​>Permission Settings​​​​​​, check the box next to Enable as LDAP Bind DN. When enabled, this user acts to bind and search the JumpCloud LDAP directory; one or more users can enable this option.

Locating the LDAP Binding User Information

Once the user is created and enabled as an LDAP Bind DN, you can find the Bind DN (LDAP Distinguished Name) for the binding user in USER Management>Users > select the binding user>Details.

Next Steps

Proceed with Step 6 in Creating an Identity Hub For Your Organization.

Was this article helpful?