Posted on 02-19-2019 05:40 AM
I am preparing for my on-boarding next week by configuring JIM so that our cloud-hosted Jamf Pro server can query our on-premises Active Directory directory.
Everything is set up with DNS records, forwarding, etc. The JIM server is checking in to the Jamf Pro server, and the LDAP server is connected, but when I test the LDAP server by searching for a username, I get no results. No errors or anything, it seems totally happy, just no results.
I'm pretty sure my mappings are ok, and the logs don't show any errors either, so I'm a bit stuck at the moment.
Has anyone else had this problem?
Thanks
Laurence
Posted on 02-20-2019 07:01 AM
I have an open ticket with JAMF over a similar issue. I have to assume that we've screwed up some firewall rule somewhere. In our case, we were originally seeing errors ("failure to connect to socket" type errors). We sorted those, but I think we screwed something up mucking around with FQDN name changes. How quickly are you seeing failures? Failures between the JIM and our LDAP internally resulted in a very long time to fail (about 15 seconds). A failure between our jamfcloud instance and JIM (even partial) happened in less than a second.
Long story short, I've sent in the logs and should hear back soon. I'll update when I hear.
Posted on 02-20-2019 07:16 AM
Hi Chris, glad to hear it's not just me. The weird thing in my case is that for us, there are no errors, and the logs all look healthy, just no results. Strange. I have a ticket open with JAMF as well, so hopefully they can get to the bottom of it! I'll post an update when it's resolved.
Posted on 02-20-2019 07:34 AM
I'm operating under the assumption that the request from the cloud instance is simply not hitting the JIM. I hate to make assumptions but...
Posted on 02-20-2019 08:15 AM
Just heard back from JAMF. We've got at least a DNS issue with the domain name we've set up for it. I will fix that and get back on here with the next step.
Posted on 02-20-2019 08:58 AM
OK, we screwed up our external DNS entry for the VM hosting JIM. Once that was sorted, all was well with the world... at least as far as lookups go. Now to get Self-Service to accept LDAP credentials again...
Posted on 02-21-2019 08:54 AM
OK, I learned something important here. It looks like my standard users could log in with LDAP, but my JAMF Pro (also LDAP) users needed to be reset (deleted and re-added). All is now well in our world!
Posted on 02-25-2019 12:37 AM
OK, so JAMF have fixed my issue. As I suspected, it was my mappings. Using the ones recommended in this blog worked for us: https://travellingtechguy.eu/default-ldap-mapping-for-active-directory-in-jamf