LDAP screwed up after upgrading JSS to 9.64

sidhu_navdeep
New Contributor

Hi,

We recently upgraded JSS Casper server to 9.64. JSS Casper is running on Windows 2008 R2 server. The upgrade went well except for LDAP issues where we are unable to add any new LDAP user into JSS for access delegation. When we try adding LDAP user account, nothing happens & a blank page comes up.

On a side note - I also tested connection against LDAP servers using "test" option which is working fine.

Is there any known issue with this version (9.64) or any other clues to get rid of this issue?

Thanks in advance


mm2270
Legendary Contributor III

Erhm, 9.64 was pulled by JAMF and replaced with 9.65, due to various defects in that release. I suggest making sure you have a good backup and upgrading to 9.65 at your earliest convenience. Although the defects we know about in 9.64 don't match what you describe, I wouldn't be surprised if it resolves your issue to upgrade.

sidhu_navdeep
New Contributor

We upgraded JSS Dev environment to 9.65 but unfortunately issue is still there. What's the next course of action, please?

On a side note - we have configured LDAP servers manually in JSS. I'm not sure if this is related to the issue.

mm2270
Legendary Contributor III

If you upgraded and still have the issue, then open a support ticket with JAMF for assistance. Let them know the LDAP servers are manually configured as that may have something to do with it.
At least now that you're on the latest version they should be able to help. If you had contacted them before they probably would have asked you to upgrade to 9.65 first.

sidhu_navdeep
New Contributor

Hi,

We have already opened a support ticket with JAMF since yesterday but till now, no resolution is provided by them :-(

Any support from you guys would be appreciated.

Thanks

matt4836
Contributor II

Any update on this? Running into this same issue.

sidhu_navdeep
New Contributor

Unfortunately no, we have escalated this issue within JAMF but have yet to get any breakthrough :-(

m_entholzner
Contributor III

Hey guys,

this one is listed as defect. Unfortunately I can't find the mail with the defect ID...

jwklosterman
New Contributor

We're on 9.6.5 here at my company and when trying to add LDAP users or groups I receive a blank page with the URL: https://jss.company.com:8443/accountAssistant.html

Is this the same behavior others are experiencing?

sidhu_navdeep
New Contributor

yep, same behavior i.e. blank page.

No solution so far from JAMF.

sidhu_navdeep
New Contributor

@entholzner: you have any idea please when JAMF is going to address this?

CasperSally
Valued Contributor II

That's an unfortunate bug. Definitely not something I'd test in our test environment before upgrading but a killer when it's broken in production.

m_entholzner
Contributor III

As I remember, they mentioned that it would be fixed in the next release, which is 9.66 I think.

were_wulff
Valued Contributor II

Hey all,

If you go to the LDAP server settings in your JSS, then edit, and go to Mappings >> User Group Membership Mappings, what do you have in the "Group Membership Mapping" field?

If yours is set to member, try changing it to memberOf and see if that clears it up.

If that is what you see and that change helps, please get in touch with your Technical Account Manager to let them know if you already have a case going.

Thanks!
Amanda Wulff
JAMF Software Support

sidhu_navdeep
New Contributor

Hi Amanda,

Thanks for your suggestion. Unfortunately we tried this yesterday but it didn't help. We already escalated this to the TAM. As of now, we don't know when this is going to be fixed. Nor do we know when the next version i.e. 9.66 is going to be released. If you have any information regarding this, then it would be appreciated.

Thanks

were_wulff
Valued Contributor II

@sidhu_navdeep

If you've already got a case going, there are a couple of things you could send in to your TAM that may be helpful for them in troubleshooting; if we could get a copy of your JAMFSoftwareServer.log that would be helpful as, many times, errors relating to failed LDAP logins show up there and may help give us an indication as to why it's failing.

Since that log file does contain some identifying information about your environment, it is not something we'd want to have you post here, but it can be sent to your TAM privately on the case you already have going.

Default locations for the JAMFSoftwareServer.log:
Mac Server - /Library/JSS/logs
Windows Server - Program Files\JSS\logs
Linux Server - /usr/local/jss/logs
Hosted JSS: https://your.jss.url:8443/logging.html >> Download.

If you see multiple logs, we want the most recent one, which is the one that does not have any numbers in the file name.

It may also be helpful for your TAM to have screenshots of how the LDAP server is set up in the JSS so they can take a quick look and see if anything jumps out there.

As with the JAMFSoftwareServer.log, the screenshots would contain identifying/internal information on your environment, so we would not want to post them to this thread for that reason; they can be attached to a case e-mail for your TAM instead.

We’d want to look at screenshots of the following pages for the LDAP server that is set up in the JSS (System Settings >> LDAP):

Connection
Connection >> Mappings >> User Mappings
Connection >> Mappings >> User Group Mappings
Connection >> Mappings >> User Group Membership Mappings

All of these files can be zipped up and attached to a case if they are under 15MB in size once zipped. If they’re larger, please let your TAM know and they can get file transfer instructions sent to you.

Thanks!
Amanda Wulff
JAMF Software Support

sidhu_navdeep
New Contributor

@amanda.wulff

Thanks for this information. We have already shared JAMFSoftwareServer.log file with JAMF & they already remote logged into our environment & got the information about LDAP servers & how they are configured. We are just keeping our fingers crossed & hoping that JAMF should fix this soon.

were_wulff
Valued Contributor II

@sidhu_navdeep

I found your case after a little bit of digging and left a couple of notes there of things that your TAM can also check that stood out when I gave the debug log a quick skim; hopefully, we'll get something figured out soon!

I did forget to mention a bit about releases/release dates that you had asked about earlier though: We don't give out concrete release dates for our software, as we want to make certain that customers don't get conflicting or changing information if we have to push a release back due to finding an issue in last minute internal testing.

In the event of an iOS or OS X release, we strive to have an update out that is compatible with the new iOS or OS X version within 5 business days.

Amanda Wulff
JAMF Software Support

sidhu_navdeep
New Contributor

@amanda.wulff

Thank you for your support & information about release date. I've advised TAM to have a look at case notes again.
Cheers

BaddMann
Contributor

We are having the same issue all the way up to 9.7...

Any chance we have a fix that can be shared here?

jwklosterman
New Contributor

JAMF Support had us turn on debugging and the issue seems to be that even after one DC responds with the account information the JSS still queries the next DC and fails. They state they're looking into the bad code and will hopefully have a solution in the next update. For now we have removed the second DC from the JSS...

sidhu_navdeep
New Contributor

@jwklosterman
As far as I know, we can only mention one DC against a domain in LDAP configuration unless I'm mistaken. So I'm not sure whether removing second DC fixes the problem for you! Please can you clarify.
So far, we came to know about below things after working with JAMF Support -

  1. There is something wrong in the database which is breaking LDAP communication.
  2. LDAP works just fine in 9.65 version if we install JSS Casper from scratch i.e. ignoring current copy of the database.

JAMF Support is supposed to fix the issues within the database. Having said that, new versions of JSS Casper would not help us to fix this issue.

Thanks

BaddMann
Contributor

@sidhu_navdeep
@jwklosterman's right about the second Connection (though he said DC, he meant "Connection to LDAP Servers").
I had an LDAP connection defined to our old Domain so that we could use legacy accounts within Casper.

Once I removed that second LDAP connection and relied on the Primary LDAP connection only, my issues were resolved.

Now I have no way of supporting those Techs that relied on those accounts, but I'll let them cry it out.

Once Jamf cleans up that Code, I'll reintroduce if still needed.
Thank you @jwklosterman

rpotts
New Contributor

Hey All, I work with @jwklosterman and we just finished a troubleshoot call with JAMF support. We found that limiting scope by narrowing the "search base" under mappings helped with adding LDAP users but not LDAP groups. So we were able to add back users from our second LDAP connection (separate domain) individually. Seems this is a combination of LDAP querying efficiency running into larger directory structures.

We are spinning up a lab to test the next version against our LDAP, hopefully we have success.

frank
New Contributor III

Seeing this with 9.72 also, any updates on the defect ID on this one?