Posted on 11-04-2021 01:51 PM
Hi,
I am having a strange issue, where I can find the user account under LDAP > Test feature, but it does not find that same account under Users on JSS... Anybody seen this before?
I can find another account in both: LDAP > Test and under Users, which are located in the same OU on the AD, but this particular one I can't, which doesn't make any sense...
Appreciate any suggestions on this!
Posted on 11-04-2021 02:22 PM
@akamenev47 has that account enrolled a Computer or Device in Jamf Pro, or been assigned as the user for one? If not they won't appear in Users yet. Searching users doesn't do an LDAP query, it's just a search of the users assigned to a device enrolled with Jamf Pro.
11-04-2021 01:55 PM - edited 11-04-2021 01:56 PM
For example, my admin account is found at both locations...
Posted on 11-04-2021 02:36 PM
Thank you so much, I had no idea about this!
Posted on 11-05-2021 05:28 AM
@akamenev47 The other place this caught me was checking "Authentication Required" in a PreStage. If the user has not been assigned to a device, etc., then they will not be able to authenticate. I had to move to an enrollment customization using LDAP instead.
Posted on 11-05-2021 06:09 AM
@ega Using "Authentication Required" should definitely do an LDAP query for authentication for users who have never previously enrolled a device with Jamf Pro. The only time I've seen that fail is when a user's AD password is in the "must change on next login" state.
Posted on 11-05-2021 06:17 AM
@sdagley just bit me twice teaching a short course to our Site admins using 10.32.2 two weeks ago
Posted on 11-05-2021 11:37 AM
@ega You may want to open a case with Jamf Support to investigate. The "Authentication Required" option in a PreStage Enrollment can definitely do an LDAP lookup of a user not previously associated with a device in Jamf Pro. If it couldn't, my org's onboarding process wouldn't work.
Posted on 11-05-2021 11:55 AM
@sdagley You are right. Turns out the users that could not log in were not correctly provisioned in our LDAP. Thanks for pointing that out.
Posted on 11-05-2021 11:53 AM
@sdagley So you are right. My issue was not passing thru to my LDAP server but that the 2 users in question were not correctly provisioned in said LDAP. Thanks for helping me clear that up!