LDAP authentication failing after 9.62 upgrade

james_ridsdale
New Contributor III

Is anyone else seeing this? We have JSS's on 9.61 authenticating to the same LDAP server without issue. Since bumping 3 x JSS's to 9.62 we can no longer auth with LDAP credentials....

1 ACCEPTED SOLUTION

james_ridsdale
New Contributor III

Found the issue...

"Use recursive group searches" is enabled on 9.62 vs disabled on 9.61.

Just updated this setting and all is fine.

View solution in original post

14 REPLIES 14

CGundersen
Contributor III

Upgraded our PreProd to 9.62 (from 9.61) earlier this morning. No issues with LDAP (AD) credentials that I'm seeing in limited testing.

james_ridsdale
New Contributor III

Found the issue...

"Use recursive group searches" is enabled on 9.62 vs disabled on 9.61.

Just updated this setting and all is fine.

donmontalvo
Esteemed Contributor III

@james_ridsdale Guessing you had to stop/start Tomcat for the change to take effect?

--
https://donmontalvo.com

james_ridsdale
New Contributor III

Tomcat restarts made no difference. This was the first thing I tried.

donmontalvo
Esteemed Contributor III

I meant did you uncheck "Use recursive group searches" and have to restart Tomcat for that change to take effect?

--
https://donmontalvo.com

jhalvorson
Valued Contributor

@james_ridsdale - upgraded from 9.6 to 9.62 yesterday. No issues with LDAP lookup, but also noticed that "Use recursive group searches" was enabled after the update. I've elected to uncheck it since it hasn't been needed in the past.

cdenesha
Valued Contributor III

I have no idea what my setting was before.

Isn't this the kind of thing we should know about before an upgrade? I read the release notes pretty closely..

MarcosMunoz
New Contributor III

Where is the "Use recursive group searches" setting located on the JSS?

donmontalvo
Esteemed Contributor III

Settings > System Settings > LDAP Server > ...pick one... > Mappings > User Group Membership Mappings > [x] Use recursive group searches

--
https://donmontalvo.com

donmontalvo
Esteemed Contributor III

Our issue (Casper Remote "you don't have enough permission") was unrelated to this thread resolved with a workaround, will update the other thread.

--
https://donmontalvo.com

derek_peterson
New Contributor

Hi Don. I am also seeing the Casper Remote "you don't have enough permission" issue in our environment. Could you please post what workaround you are using or a link to the thread? Thank you!

donmontalvo
Esteemed Contributor III

Hi @derek.peterson, 9.63 fixed it:

http://resources.jamfsoftware.com/documents/products/documentation/Casper-Suite-9.63-Release-Notes.p...

Page 15:

[D-008176] Fixed an issue that prevented JSS user accounts that belong to a JSS user group and have custom privileges for Casper Imaging, Casper Remote, or Recon from opening and using those applications.
--
https://donmontalvo.com

derek_peterson
New Contributor

Thanks @donmontalvo!

To workaround the problem in Casper 9.62 enabling Use Casper Imaging, Customize a Configuration, and Store Autorun Data in Users Accounts & Groups Privileges restored the ability to use Casper Remote. This will do the trick until we can deploy Casper 9.63.

bentoms
Release Candidate Programs Tester

Thanks @donmontalvo from us too. We found the same with 9.62 & your fix worked.