I have a new field tech whose LDAP account I need to add to several policy scopes. The policies are scoped using Static User Groups, and up until today have never had any issues.
I can add the tech's LDAP account to the JSS console (Settings/User accounts and groups) without issue, so I know the LDAP lookups are working as expected. The tech has the same privilege set as all of my other field techs.
I watched the tech log into the JSS console and self service app, so the LDAP account is active, they know their password and the login works.
Our JSS is hosted in the cloud w/ Jamf Infrastructure Manager, which passes all communications tests, and we are using SSO with external 2FA, all of which works fine.
What I cannot do, in any way, shape or form, is add the tech's LDAP account to a scope or a static group.
When I try to add to a Static User Group, I edit the group, go to the "Assignments" tab, where I see a list of all users that can be added, enter their LDAP account in the search field, and get no results.
Their LDAP account does not appear in the list of all users when I clear the search results.
I get the same behavior when trying to add directly to the scope via the Users tab.
Any account that is shown in the list can be added to the group and/or the policy without issue; for some reason this one user does not appear in the Assignments list or policy scope.
Has anyone else seen this behavior? What am I missing here?