Question

Anyone using or tried JumpCloud for LDAP?

  • July 6, 2015
  • 34 replies
  • 116 views


  • New Contributor
  • February 2, 2017

@rlincoln and all:

Yesterday JumpCloud informed me and updated their KB regarding the keychain issue:

The issue has been resolved in agent 0.9.560 and newer. The KB has been updated. It will not retroactively fix users that were provisioned with the older agent, so they will need to be fixed manually with the step documented. You can leverage commands to perform the fix if desired. Let me know if you have any additional questions.

  • New Contributor
  • February 2, 2017

Hello. New here. My JumpStart remains to be scheduled. Currently leveraging Bushel / JAMF Now.

Been evaluating JumpCloud GSuite integration—works well. I went ahead and hid /opt with seemingly no ill effect—I agree it should be hidden. As far as binding to systems, our company is small and I'll be fine doing it from the JC console to the agent.

In general is everyone here finding JumpCloud LDAPaaS and JAMF Pro / Casper connectivity reliable, robust, working as advertised? Any ldaps:// SSL issues? Would love to hear of pitfalls, recommendations, praise, thoughts etc.

Thanks


mpermann
  • Valued Contributor
  • February 2, 2017

@jgeiger I've been testing JumpCloud's LDAP integration with a small test JSS and have noticed some issues. I have a JumpCloud account set up as an LDAP account with admin permissions for logging into my JSS. Sometimes I am unable to log in to the JSS using those credentials. At times I am only able to log in with the local admin account I've created in the JSS. I've also got some VPP Mac apps scoped to some LDAP groups set up in JumpCloud. I've noticed that from time to time the In Use column will show 0, which indicates to me that the connection between the JSS and JumpCloud has been lost. I'm running 9.97.1482356336 on Ubuntu 14.04.5 LTS with Java 1.7.0_121, Tomcat 7.0.52, and MySQL 5.5.54. I know they recommend Java 1.8 and Tomcat 8, but my setup does meet the minimum requirements so I am not sure the problem I'm seeing is because of the JSS. I've not had a chance to contact my TAM or the JumpCloud folks about the issue yet. I've been trying to get some help with using JumpCloud as the directory for assigning permission for file sharing in Mac OS X Server. Not had much luck getting that working yet. You might want to check the LDAP-based login and LDAP-based group scoping with your JSS if this is something you think you might need.


  • Valued Contributor
  • February 15, 2017

@rlincoln Hi! Do you possibly know a good binding script I could use to bind via the Users and Groups in system preferences? Thanks!


  • Contributor
  • February 15, 2017

@jared_f

They have deprecated SAML-based auth and have no plans to bring it back. Going forward they want to leverage the client only. We have the agent installed via a script during imaging as well as a policy for existing machines; then we have to go into the JC console and assign the user to the machine(s).

I did hear some good news that the newest version of the client supports Keychain sync, Mac agent version 0.9.575. They are still working on the FileVault sync and should be relatively soon!

Now that we have the ability to sync Keychain we will be flipping users over. We have several users that do not have the standard first initial last name format, so we will be using a script that they provided that will rename the home directory to match our standard naming convention.


  • Valued Contributor
  • February 15, 2017

@rlincoln How are you doing it via imaging? When installing the client, it makes you enter the organization ID. Is this what you are using the script for? If so, could you possibly post it? I would love to have the binding as part of our imaging process!

Thanks,
Jared


  • Contributor
  • February 15, 2017

I have a script in place that runs at reboot; you can follow the guide here: https://support.jumpcloud.com/customer/portal/articles/2389320-agent-deployment-via-command-line#osx

Rick


  • Contributor
  • February 15, 2017

You can find your organization ID in the JumpCloud console > settings > general.


  • Contributor
  • June 6, 2017

Can anyone give me an answer regarding the setup of how JC and Jamf link together? Does the JSS need a public-facing IP in order to hook in with its LDAPaaS? Our JSS is behind a VPN at the moment and not public facing.