Posted on 10-18-2019 12:56 PM
Right now, we have an LDAP server successfully configured within Jamf Cloud. The architecture is standard for a typical JIM implementation - Jamf Cloud talks to a Jamf Infrastructure Manager (JIM) server living in our DMZ, which then communicates with our on-prem Windows AD Server via the LDAP proxy that comes with JIM.
My question is this: with JIM implemented, is there really a reason to go through the extra hassle of setting up LDAPS? It seems like some tutorials implementing JIM casually mention that you have the option to set up either LDAP or LDAPS. Even Jamf's official JIM documentation simply states that "...the most common configurations are port 389 for LDAP and port 636 for LDAPS." Is there a real danger to simply staying with LDAP, when JIM is implemented, and the firewall only accepts whitelisted IP connections from Jamf Cloud Servers?