Integrating with LDAP Directory Services

Integrating with an LDAP directory service allows you to do the following:

  • Look up and populate user information from the directory service for inventory purposes.

  • Add JSS user accounts or groups from the directory service.

  • Require users to log in to Self Service or the enrollment portal using their LDAP directory accounts.

  • Require users to log in during mobile device setup using their LDAP directory accounts.

  • Base the scope of remote management tasks on users or groups from the directory service.

To integrate with an LDAP directory service, you need to add the LDAP server to the Jamf Software Server (JSS). There are two ways to add LDAP servers to the JSS: using the LDAP Server Assistant or manually.

The LDAP Server Assistant guides you through the process of entering information about the LDAP server and ensuring that LDAP attributes are mapped properly. It allows you to integrate with the following directory services:

  • Apple’s Open Directory

  • Microsoft’s Active Directory

  • Novell’s eDirectory

Manually adding an LDAP server involves entering detailed information about the LDAP server and manually configuring attribute mappings. This allows you to integrate with additional directory services.

After you have configured an LDAP directory service in the JSS, you can configure an LDAP Proxy. The LDAP Proxy creates a secure tunnel to allow traffic to pass between a JSS and an LDAP directory service. (For more information, see LDAP Proxy.)

Adding an LDAP Server Using the LDAP Server Assistant

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click LDAP Servers.

  5. Click New.

  6. Follow the onscreen instructions to add the LDAP server.

Manually Adding an LDAP Server

Before manually adding an LDAP server, it is important that you are familiar with search bases, object classes, and attributes. If you are not familiar with these concepts, use the LDAP Server Assistant to ensure that attributes are mapped correctly.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click LDAP Servers.

  5. Click New.

  6. Select Configure Manually and click Next.

  7. Use the Connection pane to configure how the JSS connects to the LDAP server.

  8. Use the Mappings pane to specify object class and search base data, and map attributes.

  9. Click Save.

Testing LDAP Attribute Mappings

You can test the following LDAP attribute mappings:

  • User mappings

  • User group mappings

  • User group membership mappings

If the JSS returns the appropriate information, the attributes are mapped correctly.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click LDAP Servers.

  5. Click the LDAP server you want to test.

  6. Click Test.

  7. Click the appropriate tab and enter information in the field(s) provided.

  8. Click Test again.
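
The three mapping tests above (user, user group, and user group membership) can be reasoned about offline before touching the server. The following is an added example, not Jamf code: it evaluates a hypothetical mapping against constructed LDIF entries, and the `MAPPING` key names, the `example.com` DNs, and the object classes are assumptions chosen for illustration.

```python
# Constructed sample entries in simple LDIF form (no line folding, no base64).
SAMPLE_LDIF = """\
dn: uid=asmith,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: asmith

dn: uid=svc-print,ou=Services,dc=example,dc=com
objectClass: inetOrgPerson
uid: svc-print

dn: cn=it-staff,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
cn: it-staff
member: uid=asmith,ou=People,dc=example,dc=com
"""

# Hypothetical mapping (search base, object class, name attribute); not JSS field names.
MAPPING = {
    "user": ("ou=People,dc=example,dc=com", "inetOrgPerson", "uid"),
    "group": ("ou=Groups,dc=example,dc=com", "groupOfNames", "cn"),
    "member_attr": "member",
}

def parse_ldif(text):
    """Return one dict per entry: lowercased attribute name -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for key, _, value in (line.partition(": ") for line in block.splitlines()):
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def lookup(entries, kind, name, mapping=MAPPING):
    """User or group mapping test: match on search base, object class and name."""
    base, object_class, name_attr = (s.lower() for s in mapping[kind])
    for e in entries:
        dn = "," + e["dn"][0].lower()  # leading comma lets the base itself match too
        classes = [c.lower() for c in e.get("objectclass", [])]
        if dn.endswith("," + base) and object_class in classes and name in e.get(name_attr, []):
            return e
    return None

def is_member(entries, username, groupname, mapping=MAPPING):
    """Membership mapping test: the user's DN must be in the group's member attribute."""
    user = lookup(entries, "user", username, mapping)
    group = lookup(entries, "group", groupname, mapping)
    members = [m.lower() for m in (group or {}).get(mapping["member_attr"].lower(), [])]
    return user is not None and user["dn"][0].lower() in members
```

In the sample data, `svc-print` has a matching object class but sits outside the user search base, so the user lookup returns nothing for it.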

Related Information

For related information, see the following sections in this guide:

  • JSS User Accounts and Groups
    Find out how to add JSS user accounts or groups from an LDAP directory service.

  • Self Service User Login Setting
    Find out how to require users to log in to the Self Service application using their LDAP directory accounts.

  • Self Service Mobile
    Find out how to require users to log in to the Self Service app using their LDAP directory accounts.

  • Self Service Web Clip
    Find out how to require users to log in to the Self Service web clip using their LDAP directory accounts.

  • User-Initiated Enrollment for Computers
    Find out how to require users to log in to the enrollment portal using their LDAP directory accounts before enrolling their computers.

  • User-Initiated Enrollment for Mobile Devices
    Find out how to require users to log in to the enrollment portal using their LDAP directory accounts before enrolling their mobile devices.

  • Mobile Device PreStage Enrollments
    Find out how to require users to log in during mobile device setup using their LDAP directory accounts before enrolling their mobile devices using a PreStage enrollment.

  • Scope
    Learn how to configure scope based on users or groups from an LDAP directory service.

For related information, see the following Knowledge Base article:

Configuring the JSS to Use LDAP Over SSL When Authenticating with Active Directory
Find out how to configure the JSS to perform authentication with Active Directory using LDAP over SSL (LDAPS).

© copyright 2002-2017 Jamf. All rights reserved.