Integrating with LDAP Directory Services

Integrating with an LDAP directory service allows you to do the following:

  • Look up and populate user information from the directory service for inventory purposes.

  • Add Jamf Pro user accounts or groups from the directory service.

  • Require users to log in to Self Service or the enrollment portal using their LDAP directory accounts.

  • Require users to log in during mobile device setup using their LDAP directory accounts.

  • Base the scope of remote management tasks on users or groups from the directory service.

To integrate with an LDAP directory service, you need to add the LDAP server to Jamf Pro. There are two ways to add LDAP servers to Jamf Pro: using the LDAP Server Assistant or manually.

The LDAP Server Assistant guides you through the process of entering information about the LDAP server and ensuring that LDAP attributes are mapped properly. It allows you to integrate with the following directory services:

  • Apple’s Open Directory

  • Microsoft’s Active Directory

  • Novell’s eDirectory

Manually adding an LDAP server involves entering detailed information about the LDAP server and manually configuring attribute mappings. This allows you to integrate with additional directory services.

After you have configured an LDAP directory service in Jamf Pro, you can configure an LDAP Proxy. The LDAP Proxy creates a secure tunnel to allow traffic to pass between Jamf Pro and an LDAP directory service. (For more information, see LDAP Proxy.)

Adding an LDAP Server Using the LDAP Server Assistant

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click LDAP Servers.

  5. Click New.

  6. Follow the onscreen instructions to add the LDAP server.

Manually Adding an LDAP Server

Before manually adding an LDAP server, it is important that you are familiar with search bases, object classes, and attributes. If you are not familiar with these concepts, use the LDAP Server Assistant to ensure that attributes are mapped correctly.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click LDAP Servers.

  5. Click New.

  6. Select Configure Manually and click Next.

  7. Use the Connection pane to configure how Jamf Pro connects to the LDAP server.

  8. Use the Mappings pane to specify object class and search base data, and map attributes.

  9. Click Save.

Testing LDAP Attribute Mappings

You can test the following LDAP attribute mappings:

  • User mappings

  • User group mappings

  • User group membership mappings

If Jamf Pro returns the appropriate information, the attributes are mapped correctly.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click LDAP Servers.

  5. Click the LDAP server you want to test.

  6. Click Test.

  7. Click the appropriate tab and enter information in the fields provided.

  8. Click Test again.
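
The three mapping tests above (user, user group, and user group membership) can be rehearsed offline against a directory export before the values are entered manually. The following is an added example, not Jamf Pro code: the mapping dictionary keys, the helper names, and the LDIF sample are constructed for illustration, and the directory attribute names assume an Active Directory style schema.

```python
# Added example: offline rehearsal of LDAP mappings. MAPPING keys are hypothetical.
SAMPLE_LDIF = """\
dn: CN=Ada Park,OU=Staff,DC=example,DC=test
objectClass: user
sAMAccountName: apark
mail: apark@example.test

dn: CN=Mac Admins,OU=Groups,DC=example,DC=test
objectClass: group
cn: Mac Admins
member: CN=Ada Park,OU=Staff,DC=example,DC=test
"""  # constructed sample, not a real directory
MAPPING = {
    "user": {"base": "OU=Staff,DC=example,DC=test", "object_class": "user",
             "attrs": {"username": "sAMAccountName", "email": "mail"}},
    "group": {"base": "OU=Groups,DC=example,DC=test", "object_class": "group",
              "attrs": {"name": "cn"}},
    "member_attr": "member",
}

def parse_ldif(text):
    """Parse simple, unfolded LDIF into a list of {attr_lower: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def search(entries, base, object_class, attr, value):
    """Subtree search: DN at or under base, matching objectClass and attr=value."""
    b = base.lower()
    return [e for e in entries
            if (e["dn"][0].lower() == b or e["dn"][0].lower().endswith("," + b))
            and object_class.lower() in (c.lower() for c in e.get("objectclass", []))
            and value.lower() in (v.lower() for v in e.get(attr.lower(), []))]

def check_mappings(entries, mapping, username, group_name):
    """Run the user, group, and membership checks; list mapped fields with no value."""
    u, g = mapping["user"], mapping["group"]
    users = search(entries, u["base"], u["object_class"], u["attrs"]["username"], username)
    groups = search(entries, g["base"], g["object_class"], g["attrs"]["name"], group_name)
    mapped = {k: (users[0].get(a.lower()) or [None])[0] for k, a in u["attrs"].items()} if users else {}
    missing = sorted(k for k, v in mapped.items() if v is None)
    members = [m.lower() for m in groups[0].get(mapping["member_attr"].lower(), [])] if groups else []
    is_member = bool(users) and users[0]["dn"][0].lower() in members
    return {"user": mapped, "missing": missing, "group_found": bool(groups), "is_member": is_member}
```

A field listed under "missing" means the mapped attribute name does not exist on the matched entry, and an empty "user" result means the search base or object class excluded the account.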

Related Information

For related information, see the following Knowledge Base article:

Configuring Jamf Pro to Use LDAP Over SSL When Authenticating with Active Directory
Find out how to configure Jamf Pro to perform authentication with Active Directory using LDAP over SSL (LDAPS).

© copyright 2002-2017 Jamf. All rights reserved.