LDAP Extension attributes don't work on 10.20

mnickels
New Contributor III

EDIT: To anyone wondering, this was a bug in version 10.20 - it has been resolved in 10.21.

Hello everyone,

Could anyone please let me know if they have the same issue as me?

I'm on JamfCloud, currently version 10.20.1-t1584039255, and I've noticed that LDAP extension attributes for macOS devices are not being updated during recon.

To test this, I simply duplicated an LDAP attribute I already had:
Display Name: LDAP - User UPN2 (Temp)
Data Type: String
Input Type: LDAP Attribute Mapping
LDAP Attribute: userPrincipalName

I then run a "sudo jamf recon" but this new attribute never gets populated (see screenshot). You can see the previous attribute (configured the same way) maintains the existing result from when this process was working.

I can confirm that I have "Collect user and location information from LDAP" checked under Settings -> Computer Management -> Inventory Collection. I have also tried to toggle the new feature "Allow local administrators to use the jamf binary recon verb to change User and Location inventory information in Jamf Pro" but neither option works.

Doing a test under my LDAP configuration works great, and users can still be searched through the User and Location -> Edit -> Search process.

I have a ticket open with Jamf support, but am awaiting a response. This issue seemed to start when I was upgraded to 10.20.1-t1584039255 - it would be great if someone else could test this scenario.

4 REPLIES

nicktong
New Contributor III

Thanks for posting this and your update, @mnickels – Had the same issue.

rqomsiya
Contributor III

Just spoke to my TAM regarding a similar LDAP issue. Apparently there are two PIs regarding LDAP issues in 10.20. He mentioned it is resolved in 10.21.

There are some temporary workarounds which did resolve the issue for me. Let me know if you need more detail.

BGoldman
New Contributor

rqomsiya, I would love to hear more details about what your TAM talked about and the temporary workarounds.

rqomsiya
Contributor III

Hi @BGoldman: All we had to change was the UID. Change it to "cn" (without quotes):
