LDAP authentication script to replace Self Service LDAP?

Question

We're running into the Self Service bug with LDAP-user-scoped groups where policies sometimes return the &#034;item is no longer available&#034; error.  This is causing a lot of issues with our technicians, since LDAP-gating is required for device provisioning and other security-sensitive policies.

I am looking into options to bypass LDAP scoping and restricting policies another way.  Has anyone come up with a method to authenticate an AD user in a bash script?  I just need to validate the user's credentials against AD, and the system is not bound to AD yet.

bradtchapman · Answer

It’s not that you can’t validate against AD with a script.  It’s that Self Service has no mechanism to receive input from stdout in the Terminal even if you you could.  You have to rely on the LDAP framework within the app to validate user accounts.  When you get “item is no longer available,” has the Self Service session been idle for some time, or does it happen immediately after the person logs into the app?Have you found a way to repeat the problem in testing?Have you audited Active Directory for account login failures?Have you run Self Service in the debug mode to capture additional data?

LDAP authentication script to replace Self Service LDAP?

1 reply

Reply

Most helpful members this week

Cookie policy

Cookie settings

Reply

Related topics

Using Okta as an LDAP sourceicon

Jamf Pro 10.37 is now availableicon

New Device sign-in with SSO, Jamf Connect (Azure) and auto device naming based on the users infoicon

Self Service not allowing login?icon

Trouble with OS X Self Service Policies Limited to AD Groupsicon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings