We have a Mac mini acting as a FileMaker database server, and I need to add SSO logins for database users. For some reason, the JumpCloud agent won't install, so as a workaround I added the JumpCloud LDAP server as a native directory service per https://labzilla.io/blog/jumpcloud-ldap-bind. I can now log in to the Mac using JumpCloud credentials, and I can browse the LDAP with Directory Utility.
Here's the catch: FileMaker controls access based on an LDAP group, not a user. FileMaker can see the JumpCloud LDAP groups, but it doesn't appear to be able to determine whether or not a given LDAP user is part of that LDAP group. I’m pretty sure we can fix this by tweaking the LDAP field mappings, but I need to know the correct field mapping between JumpCloud LDAP and macOS OpenDirectory, specifically where Groups are concerned.
Anyone have a clue?
Long story short, there's no way to do this. The JC LDAP implementation simply does not support it. The "workaround" is the JC agent, which creates local users & groups that mirror the JC config. This is messy, but it does work.
From a technical standpoint, the main problem is that the JC LDAP does not include specific LDAP properties that tie users to groups in a way that macOS understands, and JC doesn't appear interested in fixing this.
I would put in a feature request if you haven't already. If enough people request it, it'll get attention.
You have to get the JC Agent running on the mini, create APP groups in your JC console, and add users to those groups. I added Custom Attributes of "RealName" (e.g. "FileMaker") and "RecordName" (e.g. "filemaker").
I created three different groups, one for basic access, one for "delete-capable" access, and one for full admin access. Then use the Security config in FileMaker to give the desired permissions to those groups.
Also created a JC Device Group that contained only the FileMaker Server, so I could push the JC groups to only that machine.