Question

LDAP Configuration with Microsoft Active Directory (Windows 2012 R2 Server)



In order to configure the LDAP server, use the following settings:
1. Create a general user for LDAP search called ldap under the Users organizational unit.
2. Change the LDAP mappings as follows: - User Mappings - User Group Mappings - User Group Membership Mappings

4 replies

  • Employee
  • 19 replies
  • August 9, 2016

Great Information, Thanks for providing.


  • Contributor
  • 256 replies
  • August 9, 2016

This is very helpful, thanks.

I posted this question on its own a few months ago but didn't get anywhere, so just for kicks I'm going to post it here in a thread that might know something about AD.

We have an issue with our JSS where AD users suffer from severe lags when creating/modifying policies or configuration profiles. Clicks take forever to be recognized and sometimes pages just timeout entirely. However, if we log in as a local admin or other local user, the issues immediately go away.

I used the screenshots above to verify that all of our settings are correct and they appear to be so.

Thoughts?


  • Author
  • New Contributor
  • 1 reply
  • August 9, 2016
  1. Is your JSS installation on the same network as the AD?
  2. Are you using JSS installed on a Windows machine or Linux?
    If it's installed on a Linux machine like I did, then you must modify the resolv.conf file:
    domain domain.com
    nameserver x.x.x.x (the IP address of the AD must be the first nameserver)

  3. Also, if you upgraded the JSS to the latest version 9.93, then you must upgrade the Java version to 1.8
    sudo add-apt-repository ppa:openjdk-r/ppa
    sudo apt-get update
    sudo apt-get install openjdk-8-jdk

In order to switch between the old Java and the new one when you have different versions, run the following command from the terminal:

sudo update-alternatives --config java

Press enter to keep the current choice[*], or type selection number:
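
The resolv.conf ordering described in the reply above, as a read-only check script (an added example, not part of the original post). The function names and exit codes are this example's own, and the AD IP address and domain are supplied by the caller.

```shell
#!/bin/sh
# Added example: confirm that the AD DNS server is the FIRST nameserver in a
# resolv.conf-style file and that the "domain" line matches the AD domain.
# Read-only, so it is safe on hosts where the file is managed by other tooling.

# Print nameserver addresses in file order (comment lines never match).
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Print the value of the "domain" line; if repeated, the last one is used.
resolv_domain() {
    awk '$1 == "domain" && $2 != "" { d = $2 } END { if (d != "") print d }' "$1"
}

# Return codes: 0 = OK, 1 = AD server listed but not first,
#               2 = AD server not listed, 3 = domain mismatch.
check_resolv() {
    file=$1 ad_ip=$2 ad_domain=$3
    first=$(list_nameservers "$file" | head -n 1)
    if [ "$first" != "$ad_ip" ]; then
        if list_nameservers "$file" | grep -qxF "$ad_ip"; then
            echo "WARN: $ad_ip is listed but not first (first is ${first:-none})"
            return 1
        fi
        echo "FAIL: $ad_ip is not a configured nameserver"
        return 2
    fi
    found=$(resolv_domain "$file")
    if [ "$found" != "$ad_domain" ]; then
        echo "FAIL: domain is '${found:-unset}', expected '$ad_domain'"
        return 3
    fi
    echo "OK: $ad_ip is the first nameserver, domain $ad_domain"
}

# Usage: sh check_resolv.sh /etc/resolv.conf <AD-IP> <AD-domain>
if [ "$#" -eq 3 ]; then
    check_resolv "$1" "$2" "$3"
fi
```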


  • Contributor
  • 256 replies
  • August 9, 2016
  1. This is where it gets complicated. We have two JSS's in a DMZ behind a load balancer. They use a VIP set up specifically for LDAPS also in the DMZ. However, our management JSS is not in the DMZ, it is on our internal.pretendco.com domain. Currently, it is configured to use the same LDAPS config. I wasn't sure what would happen if I entered two LDAP servers. I have to have the DMZ one tho because without it, our provisioners cannot log into Casper Imaging.
  2. Our JSS is on RHEL 6.8. In the resolv.conf file we have two IP addresses, but I don't know if they're DC's as opposed to just plain DNS. The file is managed by Puppet, though, so I don't know if I can edit it anyway.
  3. Our JSS is still 9.82 due to minor complications from a weekend attempt at upgrading. With that said, my Java update was successful so I just need to flush my giant log files before reattempting the upgrade. But to be clear, these issues have been ongoing for months.
