LDAP Configuration with Microsoft Active Directory (Windows 2012 R2 Server)

New Contributor

In order to configure the LDAP server, use the following settings:
1. Create a general user for LDAP search, called ldap, under the Users organizational unit. (screenshot)
2. Change the LDAP mappings as follows (screenshots):
   - User Mappings
   - User Group Mappings
   - User Group Membership Mappings


New Contributor III

Great Information, Thanks for providing.

Contributor II

This is very helpful, thanks.

I posted this question on its own a few months ago but didn't get anywhere, so just for kicks I'm going to post it here in a thread that might know something about AD.

We have an issue with our JSS where AD users suffer from severe lags when creating/modifying policies or configuration profiles. Clicks take forever to be recognized and sometimes pages just time out entirely. However, if we log in as a local admin or other local user, the issues immediately go away.

I used the screenshots above to verify that all of our settings are correct and they appear to be so.


New Contributor
  1. Is your JSS installation on the same network as the AD?
  2. Are you using a JSS installed on a Windows machine or Linux?
    If it's installed on a Linux machine like I did, then you must modify the resolv.conf file:
    domain domain.com
    nameserver x.x.x.x (the IP address of the AD must be the first nameserver)

  3. Also, if you upgraded the JSS to the latest version 9.93, then you must upgrade the Java version to 1.8:
    sudo add-apt-repository ppa:openjdk-r/ppa
    sudo apt-get update
    sudo apt-get install openjdk-8-jdk

In order to switch between the old java and the new one when you have different versions run the following command from the terminal:

sudo update-alternatives --config java

Press enter to keep the current choice[*], or type selection number:
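The resolv.conf step above is easy to get subtly wrong: the file may list a generic resolver ahead of the domain controller, or (as in the question that follows) nobody is sure which of the listed addresses are actually DCs. The POSIX shell script below is an added example, not part of this thread or of Jamf's own tooling. It parses a resolv.conf file, reports the first nameserver and the configured domain, and checks them against the DC address you expect. The domain controller address 10.0.0.10, the resolver 10.0.0.53 and the two sample files are constructed for the demonstration; domain.com is the placeholder used in the post.

```shell
#!/bin/sh
# Added example: verify that /etc/resolv.conf lists the AD domain controller
# as the first nameserver and carries a domain/search entry.

# Print the first "nameserver" entry of the given resolv.conf file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Print the "domain" entry, falling back to the first "search" entry.
resolv_domain() {
    awk '$1 == "domain" { print $2; found = 1; exit }
         $1 == "search" && s == "" { s = $2 }
         END { if (!found && s != "") print s }' "$1"
}

# check_resolv FILE EXPECTED_DC
# Returns 0 when a domain is configured and the first nameserver is the
# expected DC; otherwise prints what is wrong and returns 1.
check_resolv() {
    file=$1
    expected_dc=$2
    ns=$(first_nameserver "$file")
    dom=$(resolv_domain "$file")
    status=0
    if [ -z "$dom" ]; then
        echo "$file: no domain or search line"
        status=1
    fi
    if [ "$ns" != "$expected_dc" ]; then
        echo "$file: first nameserver is '${ns:-none}', expected DC $expected_dc"
        status=1
    fi
    return $status
}

# Constructed sample: a generic resolver listed ahead of the DC (wrong order).
SAMPLE_BAD=$(mktemp)
cat > "$SAMPLE_BAD" <<'EOF'
domain domain.com
nameserver 10.0.0.53
nameserver 10.0.0.10
EOF

# Constructed sample: the DC first, the generic resolver as fallback.
SAMPLE_GOOD=$(mktemp)
cat > "$SAMPLE_GOOD" <<'EOF'
domain domain.com
nameserver 10.0.0.10
nameserver 10.0.0.53
EOF

# Constructed DC address used by the checks below.
EXPECTED_DC=10.0.0.10

check_resolv "$SAMPLE_GOOD" "$EXPECTED_DC" && echo "good sample: OK"
check_resolv "$SAMPLE_BAD" "$EXPECTED_DC" || echo "bad sample: rejected as expected"
```

Run it against the real file with `check_resolv /etc/resolv.conf <dc-ip>`. To confirm that an address really is a domain controller rather than a plain DNS forwarder, query it directly for the AD locator record, e.g. `dig +short SRV _ldap._tcp.dc._msdcs.domain.com @10.0.0.10`; a DC answers with its own hostname, a generic resolver usually returns nothing. When resolv.conf is managed by Puppet, the fix belongs in the Puppet manifest, otherwise the next run reverts it.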

Contributor II
  1. This is where it gets complicated. We have two JSSs in a DMZ behind a load balancer. They use a VIP set up specifically for LDAPS, also in the DMZ. However, our management JSS is not in the DMZ; it is on our internal.pretendco.com domain. Currently, it is configured to use the same LDAPS config. I wasn't sure what would happen if I entered two LDAP servers. I have to have the DMZ one, though, because without it our provisioners cannot log into Casper Imaging.
  2. Our JSS is on RHEL 6.8. In the resolv.conf file we have two IP addresses, but I don't know if they're DCs as opposed to just plain DNS. The file is managed by Puppet, though, so I don't know if I can edit it anyway.
  3. Our JSS is still 9.82 due to minor complications from a weekend attempt at upgrading. With that said, my Java update was successful, so I just need to flush my giant log files before reattempting the upgrade. But to be clear, these issues have been ongoing for months.