Posted on 05-04-2011 06:32 AM
How does one troubleshoot an LDAP connection? We've had Casper set to
check against a specific LDAP server since we first set up Casper. The
powers that be decided to sunset that server so we had to go back and
re-configure Casper to use our AD domain's LDAP. We were able to
re-set up all the required accounts, but seemingly at random times people
can't log in to anything Casper related (Admin, Remote, or the JSS).
However, if they "wait" for 2 or 3 minutes and try again, everything is
fine. The Casper server is up, because local accounts work just fine
and I can remote into the server and see that everything is running...
I can't find anything in the system.log or anything to see what the
problem is. Am I looking in the wrong location? How can I find out
why or where the problem is?
John Wojda
Lead System Engineer, DEI & Mobility
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
Page: (224)532.3447
Team Lead DEI: Matt Beiriger
Team Lead Mobility: Chris Sta Ana
Mac Tip/Tricks/Self Service & Support
<http://bit.ly/gMa7TB>
Posted on 05-04-2011 07:47 AM
I remember when we had issues trying to integrate our JSS with AD, when the JAMF folks remotely assisted us, they used Apache Directory Studio to troubleshoot. Looks like a great tool - I've used it once or twice at other sites.
http://directory.apache.org/studio
Give it a shot. If nothing else you'll already have it somewhere when/if you need JAMF's help.
--Robert
Posted on 05-04-2011 08:14 AM
I would make sure and check that your network ports, subnets, VLANs and DNS are working correctly. I had an issue with initially setting up our Casper setup because the server connection via port 8443 (https) could not be made for traffic to and from the Domain controller.
I hope this helps.
--
Antoine K. Kinch
Sr Desktop Engineer
USPS Office of Inspector General
1735 N. Lynn Street
Arlington, VA 22209
Direct: 703.248.2159
Mobile: 571.337.2602
Posted on 08-11-2011 09:21 AM
Yesterday we wiped and reloaded our main JSS. Everything is back up
except for our LDAP connection. Prior to wiping the system our LDAP was
functional. The JSS did repopulate the LDAP settings but returns that
every ID we look up is not found.
Where can I find the logs from what I assume would be the JSS reporting
why logins are failing?
John Wojda
"Any time you choose to be inflexible in your approach to an
unpredictable project you are already building failure into your plan"
Posted on 08-11-2011 09:34 AM
You may have better luck looking on the LDAP side of things to see where it's hanging up. Depending on the directory you're looking at, you may need to make sure you've got both your server's certificate and your organization's root CA installed in Tomcat.
j
---
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436
Posted on 08-11-2011 09:57 AM
Weird, we've never done anything like that in the past, and it's the
same OS / JSS version as we had prior. We just plugged in our LDAP to
the LDAP setup on JSS and it worked.
John Wojda
Posted on 08-11-2011 10:24 AM
What LDAP system are you pointed to?
---
Jared F. Nichols
Posted on 10-23-2015 03:22 PM
Had an issue today with LDAP not working. We were told years ago to put two LDAP servers in our config for HA reasons. But turns out now that even if one of them fails (VPN to off-site AD in this case) no one can log in. Seems to block the use of the second AD server too.
Might want to check if you still have the old AD server listed that was to be "sunset".
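
An added example, not posted by anyone in this thread: a Python probe for the checks suggested above (DNS, ports, certificate trust, and one of two configured LDAP servers being down). It tests every address each configured hostname resolves to, so a single unreachable domain controller behind one name shows up. The hostnames are placeholders, and 389/636 are the standard LDAP/LDAPS ports.

```python
import socket
import ssl
import time

def probe_ldap(host, port=389, timeout=3.0, use_tls=False):
    """Connect to every address `host` resolves to; return one result dict per address."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [{"address": None, "ok": False, "error": f"DNS: {exc}"}]
    results, seen = [], set()
    for _family, _type, _proto, _canon, sockaddr in infos:
        addr = sockaddr[0]
        if addr in seen:
            continue
        seen.add(addr)
        entry = {"address": addr, "ok": False, "error": None}
        start = time.monotonic()
        try:
            with socket.create_connection((addr, port), timeout=timeout) as sock:
                if use_tls:
                    # Verifies against Python's default trust store, which is
                    # not the Java keystore Tomcat uses; a failure here is a hint only.
                    ctx = ssl.create_default_context()
                    with ctx.wrap_socket(sock, server_hostname=host):
                        pass
            entry["ok"] = True
        except OSError as exc:  # timeouts, refusals and TLS errors all derive from OSError
            entry["error"] = f"{type(exc).__name__}: {exc}"
        entry["seconds"] = round(time.monotonic() - start, 3)
        results.append(entry)
    return results

def unhealthy(servers, **kwargs):
    """Return {"host:port": [failed results]} for servers with any failing address."""
    bad = {}
    for host, port in servers:
        failed = [r for r in probe_ldap(host, port, **kwargs) if not r["ok"]]
        if failed:
            bad[f"{host}:{port}"] = failed
    return bad

if __name__ == "__main__":
    # Placeholder hostnames (assumption); use the servers from the JSS LDAP settings.
    configured = [("dc1.example.com", 636), ("dc2.example.com", 636)]
    for server, failed in unhealthy(configured, use_tls=True).items():
        print(server, failed)
```

Run it from the JSS host itself, repeatedly during a failure window; an address that times out only some of the time points at the network path or a stale server entry rather than at the JSS.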