Jamf Nation Community

joshuasee · ‎12-17-2014

In the past I've scoped polices to people in a department by adding all office computers, then setting a limitation to the relevant LDAP group, allowing them to run even if the computer wasn't assigned to the department correctly. I'm now at 9.62 and scope limitations offers only the options of Network Segments or iBeacons. Existing policies with limitations by LDAP group seems to still be working, but I can't limit new policies that way. Before I turn this in to a support call has anyone run into this before or have any suggestions on settings to check?

rderewianko · ‎12-17-2014

Scoping out to LDAP is only available after you've enabled the policy to be used via self service. Once you check that box it should show.

View solution in original post

rderewianko · ‎12-17-2014

Scoping out to LDAP is only available after you've enabled the policy to be used via self service. Once you check that box it should show.

joshuasee · ‎12-18-2014

Thank you. Confusingly, it seems to maintain and honor the limitation even after you take the policy off Self Service

rderewianko · ‎12-18-2014

Thats more UX than anything. I'd expect it not to function without self service enabled. Work flow wise, its a bit confusing, as I tend to work left to right in casper, and often have to jump and go back to make it work.
- RD

mm2270 · ‎12-18-2014

Just FYI, its not only Self Service that gives you the LDAP Limitations options. You can also set the trigger to Login or Logout, and the options will show up. Basically, only user based triggers, like login and logout, allow you to set LDAP user and LDAP group limitations or exclusions. If its only a computer level trigger, like Recurring Check-in, it won't show up.
The good news is that you can still enable the Recurring check-in trigger as well as the login/logout trigger and the LDAP options still show up.

Jamf Nation Community

Scope Limitation by LDAP group missing.