Hi Folks,
I hope all is well! I am looking for some advice on binding JumpCloud LDAP to Meraki Systems Manager:
The problem I have is that you cannot just map to JumpCloud. This is how it is done on Jamf and I have been trying to replicate with Meraki:
https://jumpcloud.com/engineering-blog/integrating-jamf-softwares-lamf-cloud-with-ldap/
Meraki is making me define a gateway. Any way around this?
Jared
I would say you need to use it when defined as a service, like this:
https://support.jumpcloud.com/customer/portal/articles/2439911-using-jumpcloud-s-ldap-as-a-service
Thanks @PhilipDAth, I will give that a try.
It looks like you might be able to do something similar using AzureAD as well.
The issue I seem to run into is that Meraki makes it mandatory to have an AD gateway.
I know you need an actual AD server to talk to. So if they call that a gateway, then yes.
JumpCloud is completely cloud hosted. I am thinking of using OSX Server (which I try to stay away from) to be that bridge to JumpCloud.
I've never used AzureAD for this ... but it is completely cloud based and looks like it is a bit easier to me, especially since they provide a direct LDAP interface.
If you use Office 365 for email and documents then this would bind everything together for you.
@PhilipDAth wrote: I've never used AzureAD for this ... but it is completely cloud based and looks like it is a bit easier to me, especially since they provide a direct LDAP interface.
If you use Office 365 for email and documents then this would bind everything together for you.
The last time I tried to implement this, I needed a local AD. Which is redundant for organisations which have bought into Cloud-based services and infrastructure. However, it is entirely feasible to run RADIUS on the gateway device (MX).
I remain confident that AzureAD will handle remote authorisation in a useful manner.
Hi
I've just made a feature request to have LDAP as another method for AuthN on Meraki SM.
A potential workaround could be (not tested) to provision the accounts from JumpCloud to G-Suite or Office365 and then auth via these, but it would add another layer and I'm not sure if this would work during a DEP enrollment, for example.
Would it be possible to use Open Directory?
Sadly no. I installed the Meraki agent on a PC already bound to the domain. Then, in order to populate a user, the device needs to be enrolled again.
I actually did find a use for JumpCloud. To connect to WiFi it is WPA2 Enterprise with AD and your IP gets issued via Windows DHCP. I can fully shutdown my domain and authentication fails over to JumpCloud and DHCP fails over to my Synology HA Cluster and the DNS is changed to 8.8.8.8 and 8.8.4.4 -- that was the only use I found for JumpCloud in the end.