[HowTo] Using Jumpcloud LDAP on Nextcloud

Just to get it out right away, I am a noob to most of this stuff. I have noticed a lack of info on how to get Nextcloud to work with the Jumpcloud LDAP service. After a few days of trying things and getting some very good support from Jumpcloud, I have finally got it working. Hopefully this is helpful.

This is what I am using.
Ubuntu 18.04
Nextcloud Snap
I used these instructions to get that running https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-nextcloud-on-ubuntu-18-04

Configure Samba support on your JumpCloud account. https://support.jumpcloud.com/customer/en/portal/articles/2873709-enabling-samba-support-with-jumpcloud-ldap
Make sure you enable Samba Authentication for your Jumpcloud groups.

  1. Log in to your Nextcloud web GUI.

  2. Go to Apps and enable LDAP/AD integration.

  3. Go to Settings and select the LDAP/AD integration tab. Within this tab change the following settings.

  4. Server
    Host: ldap.jumpcloud.com
    Select “Detect Port”. Should be 389 or 636
    User DN: Copy and paste the contents of “Samba Service Account Dn” from the Jumpcloud LDAP window
    Example: uid=YOURUSER,ou=Users,o=XXXXXXXXXXXXXXXXX,dc=jumpcloud,dc=com
    Base DN: Take the User DN without uid=YOURUSER and paste it here.
    Example: ou=Users,o=XXXXXXXXXXXXXXXXX,dc=jumpcloud,dc=com

  5. Users
    Select “↓ Edit LDAP Query”
    Put this in the “Edit LDAP Query” box “(objectclass=*)”

  6. Login Attributes
    Select “↓ Edit LDAP Query”
    Put this in the “Edit LDAP Query” box “(&(&(|(objectclass=inetOrgPerson)))(uid=%uid))”

  7. Groups
    Select “↓ Edit LDAP Query”
    Put this in the “Edit LDAP Query” box “(&(|(objectclass=groupOfNames)))”

  8. Next click Advanced and click Directory Settings. Change these fields.
    User Display Name Field: uid
    Base User Tree: Same as “Base DN”
    Example: ou=Users,o=XXXXXXXXXXXXXXXXX,dc=jumpcloud,dc=com
    Base Group Tree: “Base DN”
    Example: ou=Users,o=XXXXXXXXXXXXXXXXX,dc=jumpcloud,dc=com
    Group-Member association: Member (AD)

After all this is done, it should show “Configuration OK” and your groups and users should populate.

Big time THANK YOU for this write up!

I currently am getting the green light (configuration ok) in the LDAP setup config area, but no users are populating. Screenshots here: https://nxtcld.cf/s/99KMy3yAF7PQcXB
(Pardon the cert, haven’t flipped over to the proper Let’s Encrypt yet).

- I literally copied what you had for the Edit LDAP Query fields, quotations and all. Is that correct, or should I have omitted the quotes?
- Samba was previously enabled in Jumpcloud and working for auth in FreeNAS.
- Did you need to restart Nextcloud after configuring LDAP?
- My Nextcloud is in a FreeNAS jail, behind a firewall with ports 443 and 80 open, pointing to Nextcloud. Did you open any additional firewall ports?

Solved: Do NOT include quotes in the LDAP queries.
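
A small checker for the three filters from the how-to, given here as an added example (it is not part of any post in this thread and is not Nextcloud or Jumpcloud code): it strips the wrapping quotation marks, checks that the parentheses balance, and shows the login filter with %uid replaced by a login name escaped per RFC 4515. The function names and the sample login names are made up for illustration.

```python
# Filters exactly as printed in the how-to above, curly quotes included.
POSTED = {
    "users": "“(objectclass=*)”",
    "login": "“(&(&(|(objectclass=inetOrgPerson)))(uid=%uid))”",
    "groups": "“(&(|(objectclass=groupOfNames)))”",
}

QUOTES = "\"'“”‘’"
# RFC 4515: these characters must be written as \XX inside an assertion value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def clean_filter(pasted: str) -> str:
    """Strip whitespace and wrapping quotes, then check the filter's shape."""
    text = pasted.strip().strip(QUOTES).strip()
    if not (text.startswith("(") and text.endswith(")")):
        raise ValueError(f"filter must be wrapped in parentheses: {text!r}")
    depth = 0
    for pos, ch in enumerate(text):
        depth += (ch == "(") - (ch == ")")
        # Depth may only return to zero on the very last character.
        if depth < 0 or (depth == 0 and pos < len(text) - 1):
            raise ValueError(f"unbalanced parentheses at offset {pos}: {text!r}")
    if depth != 0:
        raise ValueError(f"unclosed parenthesis: {text!r}")
    return text


def escape_value(value: str) -> str:
    """Escape a login name so filter metacharacters are treated as literals."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def expand_login(login_filter: str, username: str) -> str:
    """Show the login filter with %uid replaced by an escaped login name."""
    return clean_filter(login_filter).replace("%uid", escape_value(username))


if __name__ == "__main__":
    for name, raw in POSTED.items():
        print(f"{name:7} {clean_filter(raw)}")
    # Constructed login names, not real accounts.
    print(expand_login(POSTED["login"], "alice"))
    print(expand_login(POSTED["login"], "smith (ops)"))
```

The cleaned strings are what goes into the “Edit LDAP Query” boxes, with no quotation marks around them.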

I can also get the users populated into NextCloud, but when I test the groups in the LDAP settings, it always returns 0. Is this expected? Thanks.

Ok, I got this to work by dropping the ldaps:// and changing 636 to 389. Therefore, if you do not value your security or privacy, you are free to use this product with LDAP. Once you give it a bind account, base DN and its password you will be able to “test” your configuration and use the groups & objects you want. I was going to use this product as a snap on Ubuntu until I saw that it doesn’t work with SSL. I know the answer is going to be “well troubleshoot ssl and why doesn’t it work”, but the truth is that the snap apps use the OS cert trust store and the OS trusts those certs so I believe it to be YET ANOTHER CRITICAL NC flaw. Good luck.