Like the title says. OneLogin offers a vLDAP feature which will turn your OneLogin user directory into a cloud-based LDAP directory. It works 75% of the time but I've noticed that it will run into an error such as losing connection/not being able to query any users. Has anyone had better luck or tried using this?
@bentoms Yes I spoke with JAMF support regarding that. It will perform authentication for user-initiated enrollments but it will not perform LDAP functions like lookups and binding. Specifically, 9.93 won't perform authentication during DEP or assign users to devices. Hopefully that will change later down the road!
So I finally got OneLogin to be forthright about this after countless hours of communication as well as OL trying to get me to engage a third-party partner of theirs to get this working. -__-
"He did see your message and said that he can't provide the mappings information you requested until the group search functionality is out. -- After meeting with the developers this week, he's optimistic this will be implemented in November, but worst case, we have engineering commitment to have it finished prior to the end of the year."
We are very likely ditching vLDAP for JumpCloud. It works.
Hi guys, I am planning to use OneLogin VLDAP with Jamf Pro. Unfortunately, I cannot find any documentation.
Please can you point me in the right direction or, if you have one, can you share it? The email address to share it to is firstname.lastname@example.org.
I would be grateful if you can share anything that would be useful.
@bkebbay - Just had a call with OneLogin again today and they are making progress but group lookup is still not functional as we were once told.
User lookup however has actually always been working.
@typeraj - Raj! So nice to see you here! Hope you're well.
Sorry for the severe delay here, I somehow missed your reply.
I've been working with OneLogin on this for months now and it seems still pretty dead in the water for us at least.
I appreciate the super user tidbit but unfortunately we have had that permission in place since the initial configuration of vLDAP in JAMF so that wasn't our snag unfortunately.
While the built-in testing mechanism in the JAMF LDAP config pane seems to work successfully for user, group and group membership lookups, it doesn't actually function in action. I can't successfully scope policies to LDAP groups nor can my IT team authenticate to JAMF Pro using vLDAP (say in JAMF Remote as an example or at the /?failover auth URL).
The engineer I have been working with at OneLogin swears this functionality works in their internal instance of JAMF, but I have yet to successfully get this going in ours, even with their hand-holding on call after call with them. Are you able to confirm that you can scope (limit) using a vLDAP group?
Also, are you able to add an LDAP group to the JAMF user administration and have your team successfully authenticating that way? (Not individual LDAP account creation within JAMF; that part works, but who cares because that's not really sustainable :P)
@davizmr - wow, sorry I am so bad at responding here. It's still not working properly with JAMF from my perspective 😕
This is the latest I have from our NoLogin rep about vLDAP:
*I'm reaching out to advise our base VLDAP refactor came out in our March release. Please find the release notes linked here.*
*vldap4.us.onelogin.com has also been updated with name attribute and entryDN enhancements.*
*However, please note: there are also role/group search performance improvements coming soon which will be important for Jamf Pro testing. We'd recommend re-testing once all improvements are released for best results.*