LDAP - Mac discussion

Contributor II

Right now we are not using LDAP, but wondering if that is something the majority use ?
Also I guess to get the full feature it must be a public LDAP, but as I understand there is some quite security issues as it gives access to much information if LDAP is public accessibly

So how is your view on this LDAP and if it does make sense to run ldap just internal ?


Contributor II

I use LDAP for two reasons:
1. With DEP and Pre-Stage Enrollments, end users sign in with their AD credentials.
2. I scope items based on AD group membership.

New Contributor II

We use LDAP as well for Pre-Staging and DEP enrollments.

New Contributor III

If by "public" LDAP you mean exposing your LDAP infrastructure to the entire public internet, yes, that would be a security issue. If you are hosting your LDAP infrastructure on-premise you could use the Jamf Infrastructure Manager "JIM" to setup an LDAP Proxy (This will connect your Jamf Cloud Instance to your Local LDAP/AD server securely).

There is a great guide available to help you set this up https://hcsonline.com/images/PDFs/Jamf_Infrstructure_Manager.pdf (This is for Windows Server).

Another option would be to setup secure LDAP (LDAPS, LDAP with SSL) and only open that to the Jamf Cloud IP address.
IP List available here - https://www.jamf.com/jamf-nation/articles/409/permitting-inbound-outbound-traffic-with-jamf-cloud