Solved

One user cannot log in using LDAP

  • August 26, 2025
  • 5 replies
  • 87 views

StoopsE

I have one user who cannot log in through the LDAPS login at initial setup. No other user has this issue. Their username can be queried through the LDAPS search test and each field populates correctly. They have no issues with other platforms that use LDAPS. I have changed their password and it has made no difference. Are there restrictions that can be placed on a user that I am missing?

5 replies

AJPinto
  • Legendary Contributor
  • August 26, 2025

There is nothing in Jamf that would cause this, maybe the user is missing an AD Group or something. I suggest having your IAM account review the user's account.

It is possible there is a Conditional Access policy preventing your user from authenticating or something like that. Without knowing more about your setup it's really hard to speculate further.


sdagley
  • Jamf Heroes
  • August 26, 2025

@StoopsE When you changed the user’s password did you set it to a “permanent” password, or one that is in the “Must change on next use” state? If the latter you cannot authenticate the user via LDAP and you’ll need to set a “permanent” password for them.
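As an added example (not part of the thread or of Jamf Pro), the helper below reads the Active Directory attributes behind sdagley's point and reports the conditions that make a simple LDAP bind fail even with the correct password: `pwdLastSet` of 0 is AD's "must change password at next logon" state, the `ACCOUNTDISABLE` bit of `userAccountControl`, a non-zero `lockoutTime`, and, optionally, absence from a group the LDAP integration requires. The directory is assumed to be AD; the LDIF record is constructed, and the group DN is a placeholder.

```python
# Diagnose why a single AD user might fail an LDAP simple bind (added example).
# The attribute names and the ACCOUNTDISABLE bit value are standard Active
# Directory; the LDIF record below is constructed for illustration.

ACCOUNTDISABLE = 0x0002          # userAccountControl bit: account disabled
INT_ATTRS = {"userAccountControl", "pwdLastSet", "lockoutTime"}
MULTI_ATTRS = {"memberOf"}

# Constructed sample: what an ldapsearch for one user might return as LDIF.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
sAMAccountName: jdoe
userAccountControl: 512
pwdLastSet: 0
lockoutTime: 0
memberOf: CN=Staff,OU=Groups,DC=example,DC=com
memberOf: CN=Jamf-Users,OU=Groups,DC=example,DC=com
"""

def parse_ldif_entry(text):
    """Parse a single LDIF entry into a dict; integer attributes are converted,
    multi-valued attributes are collected into lists. Base64 (::) values and
    line continuations are not handled, which is fine for these attributes."""
    entry = {attr: [] for attr in MULTI_ATTRS}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("dn:"):
            continue
        attr, _, value = line.partition(": ")
        if attr in MULTI_ATTRS:
            entry[attr].append(value)
        elif attr in INT_ATTRS:
            entry[attr] = int(value)
        else:
            entry[attr] = value
    return entry

def diagnose_bind_blockers(entry, required_group=None):
    """Return human-readable reasons this account would fail an LDAP bind even
    with the right password; an empty list means none of the checked
    conditions apply (other causes, e.g. Conditional Access, are not visible
    in these attributes)."""
    reasons = []
    if entry.get("pwdLastSet") == 0:
        reasons.append("password is in 'must change at next logon' state (pwdLastSet=0)")
    if entry.get("userAccountControl", 0) & ACCOUNTDISABLE:
        reasons.append("account is disabled (userAccountControl has ACCOUNTDISABLE)")
    if entry.get("lockoutTime", 0) != 0:
        # Non-zero lockoutTime means a lockout occurred; it may be stale once
        # the lockout duration has passed, so treat it as a lead, not proof.
        reasons.append("account has a lockoutTime set (possibly locked out)")
    if required_group and required_group not in entry.get("memberOf", []):
        reasons.append(f"not a member of required group {required_group}")
    return reasons

if __name__ == "__main__":
    user = parse_ldif_entry(SAMPLE_LDIF)
    # Placeholder group DN: substitute the group your LDAP integration filters on.
    for reason in diagnose_bind_blockers(user, "CN=Jamf-Users,OU=Groups,DC=example,DC=com"):
        print(f"{user['sAMAccountName']}: {reason}")
```

In practice you would feed it the output of an `ldapsearch` for the one affected user, run with the same bind account the LDAPS integration uses, so that any attribute the service account cannot read shows up as missing here too.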


StoopsE
  • Author
  • New Contributor
  • August 26, 2025

@sdagley The account’s password was changed with a permanent password and it still wouldn’t authenticate. Later the user changed their password themselves.


sdagley
  • Jamf Heroes
  • August 26, 2025

@StoopsE So much for that theory then. I’m afraid I’m out of ideas as that’s the only cause I’ve seen consistently for Mac users to fail LDAP auth with Jamf Pro.


StoopsE
  • Author
  • New Contributor
  • Answer
  • August 27, 2025

@sdagley It was a lot easier than I thought. They have a JAMF system account that they never logged into. Resetting the password there allowed them to enroll the device.