LDAP Active Directory C Connection on JSS

For the host just enter your domain name and it will use DNS to steer itself to the correct domain controller. The service account I used was a Domain Admin, so it could read all aspects of the domain in, however I'd imagine as long as the account you use can read objects you'd probably be ok.

::shudder::

Woah boy. Set yourself up a service account. You don't want a domain admin's credentials stored anywhere - encrypted or not. As AD does not allow unauthenticated lookups, all it needs is the ability to read so the lowliest of privs should do it.

This is very useful, thanks.

I have some accounts that should work but they keep getting rejected. Some accounts simply reload the page and some say check the user name and password.

Domain admin as a service account is a big big big no no. Have a service account created that specifically joins AD and thats it. You can use the JAMF directory option in Casper Admin via the JSS to create an AD bind. You can setup domain admins as well so all your users that are domain admins get admin rights automatically. I have a script that will also move them into local admin group.

I am using a service account (which is used for the same thing in another application) and it is failing. It simply blanks the password out and never proceeds.

I am putting in the server info in the following format:
domain.company.com in the host field
domain in the AD domain field.

Any error logs on the DC side of things? I'd start there and see where it's tripping up. If it's actually a permissions thing, that'd tell you.

Bryan,

I'm in a similar position and am wondering if the "manual" method is documented anywhere that you know of?

Thanks,
Tom

I've never used anything but the manual method and have never had issues setting up an LDAP connection. Myself, I'd recommend going that way. You'll learn a bit about how LDAP (and how your LDAP) works.