Integrating with LDAP Directory Services

Integrating with an LDAP directory service allows you to do the following:

  • Look up and populate user information from the directory service for inventory purposes.

  • Add Jamf Pro user accounts or groups from the directory service.

  • Require users to log in to Self Service or the enrollment portal using their LDAP directory accounts.

  • Require users to log in during mobile device setup using their LDAP directory accounts.

  • Base the scope of remote management tasks on users or groups from the directory service.

    Note: Jamf Pro may experience performance issues if too many LDAP groups are included in the scope of an object. If you need to use multiple LDAP criteria within a scope, consider creating a smart group with those criteria, and then scope to that smart group instead.

To integrate with an LDAP directory service, you need to add the LDAP server to Jamf Pro. There are two ways to add LDAP servers to Jamf Pro: using the LDAP Server Assistant or manually.

The LDAP Server Assistant guides you through the process of entering information about the LDAP server and ensuring that LDAP attributes are mapped properly. It allows you to integrate with the following directory services:

  • Apple’s Open Directory

  • Microsoft’s Active Directory

  • NetIQ eDirectory

Note: When your configuration uses SSL, the LDAP server must be configured to present its server certificate when Jamf Pro requests an SSL connection. If the server certificate is not natively trusted, you need to add the trusted root certificate of the CA that issued the server certificate to Jamf Pro.
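The trust decision in the note above can be reproduced offline. The following is an added example, not part of the Jamf documentation or product: it builds a constructed lab root CA, signs a certificate for the hypothetical host ldap.example.com, and verifies that certificate with and without the root. The function name, subject names and file names are assumptions.

```shell
#!/bin/sh
# Added example: why an LDAPS server certificate from a private CA is rejected
# until the issuing root is added as a trust anchor. All keys, names and
# certificates are constructed in a temp directory; no real server is contacted.
ldaps_trust_demo() {
    dir=$(mktemp -d) || return 2

    # 1. Constructed private root CA (stands in for the CA that issued the
    #    LDAP server certificate).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Lab Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 2

    # 2. Key and signing request for the hypothetical LDAP server name,
    #    then a server certificate signed by the lab root.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.com" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null || return 2
    openssl x509 -req -in "$dir/srv.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/srv.pem" 2>/dev/null || return 2

    # 3. Default trust store only: the lab root is unknown, so chain
    #    building fails ("not natively trusted").
    if openssl verify "$dir/srv.pem" >/dev/null 2>&1; then
        before=trusted
    else
        before=untrusted
    fi

    # 4. Same certificate with the issuing root supplied as a trust anchor,
    #    which is what adding the root certificate achieves.
    if openssl verify -CAfile "$dir/ca.pem" "$dir/srv.pem" >/dev/null 2>&1; then
        after=trusted
    else
        after=untrusted
    fi

    rm -rf "$dir"
    echo "$before $after"
}

ldaps_trust_demo
```

The same check against a real directory server uses the certificate it actually presents, for example by inspecting the output of openssl s_client -connect <ldap-host>:636 -CAfile <root.pem>, where both values are placeholders.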

Manually adding an LDAP server involves entering detailed information about the LDAP server and manually configuring attribute mappings. This allows you to integrate with additional directory services.

Adding an LDAP Server Using the LDAP Server Assistant

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click LDAP Servers.

  5. Click New.

  6. Follow the onscreen instructions to add the LDAP server.

Manually Adding an LDAP Server

Before manually adding an LDAP server, it is important that you are familiar with search bases, object classes, and attributes. If you are not familiar with these concepts, use the LDAP Server Assistant to ensure that attributes are mapped correctly.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click LDAP Servers.

  5. Click New.

  6. Select Configure Manually and click Next.

  7. Use the Connection pane to configure how Jamf Pro connects to the LDAP server.

  8. Use the Mappings pane to specify object class and search base data, and map attributes.

  9. Click Save.

Testing LDAP Attribute Mappings

You can test the following LDAP attribute mappings:

  • User mappings

  • User group mappings

  • User group membership mappings

If Jamf Pro returns the appropriate information, the attributes are mapped correctly.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click LDAP Servers.

  5. Click the LDAP server you want to test.

  6. Click Test.

  7. Click the appropriate tab and enter information in the fields provided.

  8. Click Test again.

Related Information

For related information, see the following sections in this guide:

  • Cloud Identity Providers Integration
    Find out how to integrate with a Cloud Identity Provider (e.g., Google Secure LDAP Service).

  • LDAP Proxy
    Find out how to configure an LDAP Proxy after you have configured an LDAP directory service in Jamf Pro.

For related information, see the following Knowledge Base articles:

Configuring Jamf Pro to Use LDAP Over SSL When Authenticating with Active Directory
Find out how to configure Jamf Pro to perform authentication with Active Directory using LDAP over SSL (LDAPS).

LDAP Attribute Mappings Reference
Explains the manual configuration settings of an Active Directory LDAP server.

© copyright 2002-2021 Jamf. All rights reserved.