Cannot add new Azure AD LDAP Server for On-prem > Cloud migration

Egallichio
New Contributor

Hello!

After our 4-hour migration call, we've hit a hang-up with migrating to JAMF Cloud, particularly with adding a new LDAP Server.

(To preface this, we had JAMF on an on-prem server before, but have imported everything to Azure AD.)

When we select 'Microsoft Active Directory' in the 'Choose Service' section (using ourdomain.com:636) and enter either of our Admin credentials, it says that it cannot find the user.

When we use the 'Configure manually' option, after selecting 'Use SSL' and uploading our self-signed cert, we tried 2 options:

1) Using 'None' in the Authentication type pull-down menu. When we test/search for a Username after we enter everything and continue, we receive the following message, no matter if an actual username was searched for, or random characters:

Error: javax.naming.directory.InvalidSearchFilterException: invalid attribute description; remaining name ''
Suggestion: No suggestion available

2) Using 'Simple' in the Authentication Type pull-down menu with a combination of username/passwords, which include: Admin/non-admin accounts, regular password, app password (MFA is enabled on our Office 365 accounts), also changing the password for our admin accounts multiple times, waiting a bit, and then using them. We receive this error for this scenario:

Error: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580]
Suggestion: Ensure that the username and password provided are valid.

I've read that 52e in the error might suggest a good username+bad password, but we've ruled that out in many different ways.

Any insight would be helpful. Thanks!
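For triaging bind failures like the error 49 quoted in the post above, here is an added example (not part of the original post and not Jamf's code) that splits an Active Directory bind error string into its fields and decodes the `data` value, which is a Win32 error code written in hex. The function and table names are hypothetical; the sample string is the one from the post.

```python
import re

# Sub-codes Active Directory puts in the "data" field of an LDAP error 49
# bind failure. Each is a Win32 error code in hex (0x52e == 1326).
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (ERROR_LOGON_FAILURE)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

# The version field is matched as hex digits only, so trailing bytes after
# it (a NUL or a mis-decoded character) are ignored.
_PATTERN = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<status>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)"
)

def parse_ad_bind_error(message):
    """Return the decoded fields of an AD bind error, or None if no match."""
    m = _PATTERN.search(message)
    if m is None:
        return None
    data = int(m.group("data"), 16)
    return {
        "ldap_code": int(m.group("ldap")),
        "status": m.group("status"),
        "dsid": m.group("dsid"),
        "comment": m.group("comment").strip(),
        "win32_error": data,
        "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
    }

# Error text as quoted in the post.
SAMPLE = ("javax.naming.AuthenticationException: [LDAP: error code 49 - "
          "80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext "
          "error, data 52e, v2580]")

if __name__ == "__main__":
    print(parse_ad_bind_error(SAMPLE))
```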

5 REPLIES

MacSysAdmin
Contributor

Are you using JAMF Infrastructure Manager or is your LDAP server public facing?

Not applicable

Is this ADFS? We're potentially looking in the same direction for future plans, but haven't really started down the path yet.

MacSysAdmin
Contributor

Use ADSI Edit to check and verify your username x.500 naming convention.

Egallichio
New Contributor

Thanks for the responses!

BostonMac:
Our LDAP server is on Azure AD (it was on-prem a few years back, but was moved to the cloud) and is public facing. I'll try the ADSI Edit solution, if applicable, and check back.

WTArmstrong:
This is not ADFS, but we do believe the hang-up has something to do with permissions.

Thanks!

gachowski
Valued Contributor II

@Egallichio

Any updates? We are seeing the same issue.

C