jamf pro / LDAP Proxy / Infrastructure Manager

jamesboyd
New Contributor

Hi! I am having some trouble configuring my jamf Pro set up. I am trying to install an on prem hosted jamf Pro. I've set up the jamf Pro server on my domain, and now am struggling with getting the LDAP Proxy to work. I don't quite understand what I should be doing with LDAP proxy and Infrastructure Manager (or AD CS Connector), or where or what order all this should be installed to.

I have the internal jamf Pro server working and connected to LDAP. That server is on my internal network and is connected to LDAP and that works. I thought I was supposed to then install another instance of jamf Pro in my DMZ and connect that instances database to the internal database, which I have done. Now I am trying to install Infrastructure Manager so I can set up the proxy to connect back to the internal jamf instance. 

I cant seem to find any documentation about how all these services tie together, only how to configure each one individually. Can anyone offer any suggestions?

Thanks!

3 REPLIES 3

bwoods
Valued Contributor

@jamesboyd  if you have an internal Jamf Pro server connected to LDAP, I don't think you need to worry about the Jamf Infrastructure Manger. In my opinion, the JIM is there to connect Jamf Cloud to an Internal LDAP server.  However; if you still want to configure this there are a few blog posts that may help: 

Jamf_Infrstructure_Manager.pdf (hcsonline.com)

A word on LDAP integration and the Jamf Infrastructure Manager - Travelling Tech Guy

Jamf Pro - JIM LDAP Proxy Issues (grayw.co.uk)

Installing and configuring the Jamf Infrastructure Manager on Red Hat Enterprise Linux | Der Flounde...

The hardest part for me was opening firewall requests and ensuring bi directional communication between the JIM and my Jamf Cloud instance. I also had to fool around with the host file of the server hosting the JIM, but I don't think you'd have that issue with an Internal Instance. 

Another option is configuring jamf Pro to use an IDP as an LDAP service. This should work with services such as Azure AD/ADFS, Okta, Google Identity, and One Login.

 

 

 

bwoods
Valued Contributor

The ADCS Connector is a little more straight forward. First ensure that all the correct ports are open and that there is bi directional communication between the internal CA server and the ADCS server. Install the software on the ADCS server. Then add the ADCS server as a PKI CA in Jamf Pro. The Youtube video below will basically walk you through this:

https://youtu.be/oRkpkN1Z3aI 

jamesboyd
New Contributor

@bwoods thanks very much for this info. I am wondering if I needed the infrastructure manager too, but the LDAP proxy admin guide seems to indicate I need this, since I have an internal jamf Pro instance, but also need to run jamf Pro in the DMZ because of the internet access required for enrollment, push/pull, etc. I'll have a look through those docs though and the video as well. 

Thanks for the info on certs as well. Admittedly, I am terrible with certs, so your response is helpful. I'll see where I can get with everything you posted here. Thanks much for taking the time!