Posted on 01-08-2019 01:46 AM
Right now we are not using LDAP, but we are wondering if that is something the majority use?
Also, I guess to get the full feature it must be a public LDAP, but as I understand it there are quite some security issues, as it gives access to a lot of information if LDAP is publicly accessible.
So what is your view on LDAP, and does it make sense to run LDAP just internally?
Posted on 01-08-2019 07:03 AM
I use LDAP for two reasons:
1. With DEP and Pre-Stage Enrollments, end users sign in with their AD credentials.
2. I scope items based on AD group membership.
Posted on 01-08-2019 07:10 AM
We use LDAP as well for Pre-Staging and DEP enrollments.
Posted on 01-08-2019 09:29 AM
If by "public" LDAP you mean exposing your LDAP infrastructure to the entire public internet, yes, that would be a security issue. If you are hosting your LDAP infrastructure on-premise, you could use the Jamf Infrastructure Manager ("JIM") to set up an LDAP proxy (this will connect your Jamf Cloud instance to your local LDAP/AD server securely).
There is a great guide available to help you set this up: https://hcsonline.com/images/PDFs/Jamf_Infrstructure_Manager.pdf (this is for Windows Server).
Another option would be to set up secure LDAP (LDAPS, LDAP with SSL) and only open that to the Jamf Cloud IP address.
IP List available here - https://www.jamf.com/jamf-nation/articles/409/permitting-inbound-outbound-traffic-with-jamf-cloud
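
The following is an added example, not part of the thread and not Jamf tooling: a small audit of perimeter firewall rules that checks the LDAPS-only, allowlisted-source setup suggested in the last reply. The rule format, the function name `audit_ldap_rules` and all addresses (RFC 5737 documentation ranges) are constructed placeholders; substitute the addresses published in the linked Jamf Cloud article and your firewall's exported rules.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges), standing in for
# the Jamf Cloud source addresses published in the linked article.
JAMF_CLOUD_ALLOWLIST = ["203.0.113.10/32", "203.0.113.11/32"]

# Constructed sample of internet-facing inbound rules:
# (source CIDR, destination port, action).
SAMPLE_RULES = [
    ("203.0.113.10/32", 636, "allow"),   # matches the allowlist
    ("203.0.113.0/24", 636, "allow"),    # wider than the allowlist
    ("0.0.0.0/0", 389, "allow"),         # cleartext LDAP open to everyone
    ("198.51.100.7/32", 636, "allow"),   # source not on the allowlist
    ("0.0.0.0/0", 636, "deny"),          # deny rules are not findings
]

LDAP_PORT, LDAPS_PORT = 389, 636


def audit_ldap_rules(rules, allowlist):
    """Return (rule, reason) pairs for inbound rules that expose LDAP too widely."""
    allowed = [ipaddress.ip_network(cidr) for cidr in allowlist]
    findings = []
    for rule in rules:
        source, port, action = rule
        if action != "allow" or port not in (LDAP_PORT, LDAPS_PORT):
            continue
        net = ipaddress.ip_network(source)
        if port == LDAP_PORT:
            # Only LDAPS should be reachable from outside at all.
            findings.append((rule, "cleartext LDAP (389) allowed inbound"))
        elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            # The whole source range must sit inside an allowlisted network.
            findings.append((rule, "LDAPS source not within the allowlist"))
    return findings


if __name__ == "__main__":
    for rule, reason in audit_ldap_rules(SAMPLE_RULES, JAMF_CLOUD_ALLOWLIST):
        print(rule, "->", reason)
```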