G Suite Secure LDAP and Jamf Pro Cloud

neilrooney_old
New Contributor II

With the public release of G Suite Secure LDAP, I was wondering if anyone has been able to get it working with the Jamf Pro Cloud instance?

Jamf Pro does not support certificate-based LDAP, so stunnel is required, but after googling around and trying things out I have yet to get it to work.

https://gsuiteupdates.googleblog.com/2018/11/secure-ldap-now-available-simplify-login.html

Here is the write-up from Jamf: https://www.jamf.com/jamf-nation/articles/562/integrating-with-secure-ldap-in-cloud-identity

I get stuck with stunnel. I'm just not sure how the config should look.

10 REPLIES

mainelysteve
Valued Contributor II

Have you checked this out yet? Scroll down towards the bottom of the post.

neilrooney_old
New Contributor II

Hi @mainelysteve, yes, it's what I was using. The author, though, has a local install of Jamf Pro:

For his tutorial I installed it on Ubuntu 18.04, on the same machine as my Jamf Pro test server.

I don't have a local install and so don't know what the settings in stunnel should be when using it only with Jamf Cloud.

mainelysteve
Valued Contributor II

@neilrooney Check the page again. Go towards the bottom of the page until you see "UPDATE: How to do this with JamfCloud?"

neilrooney_old
New Contributor II

@mainelysteve thanks Steve, I saw that but I still don't know how that should look in reality. There is a fair amount of assumed knowledge in that post :/

Deonarain
New Contributor II

Any updates? I'm also having issues with stunnel.

I really hope Jamf is working on a better solution for this. I imagine all of the G Suite / Jamf Pro Cloud customers want this feature.

mainelysteve
Valued Contributor II

@Deonarain Judging from what's been shared by Jamf for 10.10, stunnel won't be necessary in the future. What sort of issues are you running into right now?

Deonarain
New Contributor II

@mainelysteve

I'm getting the error below when running sudo /etc/init.d/stunnel4 restart

[!] Error binding service [ldap_IN] to 52.206.196.135:1636
[ ] Unbinding service [ldap_IN]
[ ] Service [ldap_IN] closed
[ ] Unbinding service [ldap_OUT]
[ ] Service [ldap_OUT] closed
[2800]: failed
[2800]: You should check that you have specified the pid= in you configuration file
[1]: stunnel4.service: Control process exited, code=exited status=1
[1]: stunnel4.service: Failed with result 'exit-code'.

mainelysteve
Valued Contributor II

You shouldn't have to specify a pid in the conf file; however, I would check that a folder (stunnel4) and pid file exist in /var/run/. Did you install it using apt?

Deonarain
New Contributor II

I finally got this working through a lot of trial and error. In the end, I needed to whitelist Jamf IP addresses. https://www.jamf.com/jamf-nation/articles/409/permitting-inbound-outbound-traffic-with-jamf-cloud
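For readers asking what the stunnel configuration looks like with Jamf Cloud, here is an added example; it is not taken from any poster in this thread or from Jamf's article. It uses the two service names and port 1636 seen in the error output above. The file paths, certificate file names and loopback port 1389 are assumptions.

```ini
; Constructed stunnel.conf sketch: Jamf Cloud -> stunnel -> Google Secure LDAP.
; All file paths and the loopback port 1389 are assumptions for illustration.
pid = /var/run/stunnel4/stunnel.pid

; Inbound leg: Jamf Cloud connects to this host over TLS (LDAPS).
[ldap_IN]
client = no
; A bare port listens on every local address. If an IP is given here,
; it must be one that is actually assigned to an interface on this host.
accept = 1636
; Hand the decrypted LDAP stream to the outbound service on loopback only.
connect = 127.0.0.1:1389
; Server certificate and key presented to Jamf Pro (hypothetical file names).
cert = /etc/stunnel/server-fullchain.pem
key = /etc/stunnel/server-key.pem

; Outbound leg: re-encrypt towards Google and present the client
; certificate generated for the LDAP client in the Google Admin console.
[ldap_OUT]
client = yes
accept = 127.0.0.1:1389
connect = ldap.google.com:636
cert = /etc/stunnel/google-ldap-client.crt
key = /etc/stunnel/google-ldap-client.key
; Verify Google's certificate chain and host name rather than
; accepting whatever certificate the peer presents.
CAfile = /etc/ssl/certs/ca-certificates.crt
verifyChain = yes
checkHost = ldap.google.com
```

Traffic between the two services is plaintext LDAP, so port 1389 is kept on 127.0.0.1. Inbound access to 1636 should be limited at the firewall to the Jamf Cloud source addresses listed in the article linked above, and both private key files should be readable only by the account stunnel runs as.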

pauljohnston
New Contributor II

Any updates on this? Is stunnel still the only option?