LDAP Server Test not Pulling any Results

bassic
New Contributor III

I am preparing for my on-boarding next week by configuring JIM so that our cloud-hosted Jamf Pro server can query our on-premises Active Directory directory.

Everything is set up with DNS records, forwarding, etc. The JIM server is checking in to the Jamf Pro server, and the LDAP server is connected, but when I test the LDAP server by searching for a username, I get no results. No errors or anything, it seems totally happy, just no results.

I'm pretty sure my mappings are ok, and the logs don't show any errors either, so I'm a bit stuck at the moment.

Has anyone else had this problem?

Thanks

Laurence

7 REPLIES

Chris_Hafner
Valued Contributor II

I have an open ticket with JAMF over a similar issue. I have to assume that we've screwed up some firewall rule somewhere. In our case, we were originally seeing errors (failure to connect to socket type errors). We sorted those, but I think we screwed something up mucking around with FQDN name changes. How quickly are you seeing failures? Failures between the JIM and our LDAP internally resulted in a very long time to fail (about 15 seconds). A failure between our jamfcloud instance and JIM (even partial) happened in less than a second.

Long story short, I've sent in the logs and should hear back soon. I'll update when I hear.

bassic
New Contributor III

Hi Chris. Glad to hear it's not just me. The weird thing in my case is that for us, there are no errors, and the logs all look healthy, just no results. Strange. I have a ticket open with JAMF as well, so hopefully they can get to the bottom of it! I'll post an update when it's resolved.

Chris_Hafner
Valued Contributor II

I'm operating under the assumption that the request from the cloud instance is simply not hitting the JIM. I hate to make assumptions but...

Chris_Hafner
Valued Contributor II

Just heard back from JAMF. We've got at least a DNS issue with the domain name we've set up for it. I will fix that and get back on here with the next step.

Chris_Hafner
Valued Contributor II

OK, we screwed up our external DNS entry for the VM hosting JIM. Once that was sorted, all was well with the world... at least as far as lookups go. Now to get Self-Service to accept LDAP credentials again...

Chris_Hafner
Valued Contributor II

OK, I learned something important here. It looks like my standard users could log in with LDAP, but my JAMF Pro (also LDAP) users needed to be reset (Deleted and re-added). All is now well in our world!

bassic
New Contributor III

OK, so JAMF have fixed my issue. As I suspected, it was my mappings. Using the ones recommended in this blog worked for us: https://travellingtechguy.eu/default-ldap-mapping-for-active-directory-in-jamf