How to Integrate JumpServer with Windows AD Domain?

Published December 16, 2024

Overview

This article explains how to integrate JumpServer with Windows Active Directory (AD) domain services so that users, user groups, and so on can be pulled from the AD domain.

Integration

The AD integration is configured in JumpServer under "System Settings" → "Authentication Settings" → "LDAP".
Below is an example of successful LDAP integration:

Detailed Configuration

LDAP Server

The LDAP address is the address of the AD domain controller, typically in the form ldap://domain_controller_IP:389. The default LDAP port on an AD domain controller is 389; encrypted configurations use port 636 by default.
Set the Bind DN to the DN (distinguished name) of a domain controller administrator whose password does not change frequently. The DN has to be looked up on the AD domain server.

In the User section, find the AD domain controller administrator and enter the administrator information into JumpServer. The password is the password of the domain controller administrator.


A successful configuration looks like this:

LDAP Users

The User OU is the location in the directory from which users are imported. For example, if I want to import the Users group, the User OU should be filled in as follows:


The User Filter and User Attributes generally do not need to be changed. If you need a different attribute mapping, adjust the corresponding attributes to fit your environment.
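The server address, Bind DN and User OU described above can be sanity-checked offline before they are entered into JumpServer. The following is an added example, not JumpServer code: the function names are hypothetical and every sample value (documentation IP range, example.com DNs) is constructed.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # the two default ports named above

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs; a backslash-escaped comma stays in the value."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr and value):
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def domain_of(dn):
    """Join the DC= components into a DNS name, e.g. example.com."""
    return ".".join(v.lower() for a, v in split_dn(dn) if a == "DC")

def check_settings(server_uri, bind_dn, user_ou):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        url = urlsplit(server_uri)
        port, default = url.port, DEFAULT_PORTS.get(url.scheme)
        bind_domain, ou_domain = domain_of(bind_dn), domain_of(user_ou)
    except ValueError as exc:  # non-numeric port or malformed DN component
        return [str(exc)]
    findings = []
    if default is None or not url.hostname:
        findings.append("address must look like ldap://host:389 or ldaps://host:636")
    elif (port or default) != default:
        findings.append(f"{url.scheme}:// with port {port}, default is {default}")
    if url.scheme == "ldap":
        findings.append("ldap:// is unencrypted: a simple bind sends the Bind DN password in clear text")
    if not bind_domain:
        findings.append("Bind DN has no DC= components")
    elif bind_domain != ou_domain:
        findings.append(f"Bind DN is in {bind_domain}, User OU is in {ou_domain or 'no domain'}")
    return findings

if __name__ == "__main__":
    # Constructed sample values: LDAPS scheme on the plain-LDAP port, mismatched domains.
    for finding in check_settings("ldaps://192.0.2.10:389",
                                  "CN=Administrator,CN=Users,DC=example,DC=com",
                                  "CN=Users,DC=example,DC=org"):
        print("-", finding)
```

A flagged non-default port is a prompt to double-check the value, not proof of an error, since a directory can be published on a custom port.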

Other

Enable LDAP authentication.

Testing and Importing

  • Click "Test Connection" to match users. If users are matched, it indicates that the LDAP configuration is correct. Click "Submit" to save the configuration.

  • Click "User Import" to match the corresponding users in the AD domain; if you do not see any users, click the "Refresh" button.

  • Import users by selecting the required users and clicking "Import".

  • Successful import.