Synchronizing an LDAP Directory Service with Jamf School

Synching with an LDAP directory service allows you to do the following:

  • Look up and populate user information from the directory service for inventory purposes.

  • Add Jamf School user accounts or groups from the directory service.

  • Require users to log in to Jamf School Teacher, Jamf School Student, or Jamf Parent using their LDAP directory accounts.

  • Require users to log in during mobile device setup using their LDAP directory accounts.

  • Base the scope of remote management tasks on users or groups from the directory service.

You can sync with the following active directory services with extended support in Jamf School:

  • Google's Secure LDAP

  • IServ

  • JumpCloud

Note: You can also sync with other directory services that are not listed here.

Requirements

To synchronize Jamf School with an LDAP directory service, you must have an LDAP directory service configured. For more information on the respective directory services, see the following documentation:

Configuring LDAP Synchronization

  1. In Jamf School, navigate to Organization > Settings in the sidebar.

  2. Click the Synchronization payload.

  3. Choose "LDAP" from the Synchronization Method pop-up menu.

  4. (Optional) If you want to ensure the data in Jamf School are up-to-date with the information in your LDAP directory service, configure LDAP automatic synchronization settings from the Automatic synchronization settings pop-up menu.

  5. Enter the LDAP directory service and port in the LDAP Server/Port fields.

  6. Enter the username for the LDAP directory service with the Domain Component in the Username field. For example: CN=Username,DC=example,DC=com

  7. Enter the password for the LDAP directory service in the Password field.

  8. If your directory service maps groups from teacher and student users, do the following:

    1. Enter the Organizational Unit where the student users are located in the OU of students field. For example: OU=Students,OU=Accounts,DC=ad,DC=School,DC=nl

      Note: To sync users from a group instead of the OU, you can also specify the CN. For example: CN=Group,OU=Students,OU=Accounts,DC=ad,DC=School,DC=nl

    2. (JumpCloud only) If you want to sync student users from groups and the users are located in a different OU than the OU of students field, enter the CN of the student group in the OU of student group members field.

      Note: If this field is left blank, Jamf School uses the final value of the CN in the OU of students field.

    3. Enter the Organizational Unit where the teacher users are located in the OU of teachers field. For example: OU=Teachers,OU=Accounts,DC=ad,DC=School,DC=nl

      Note: To sync users from a group instead of the OU, you can also specify the CN. For example: CN=Group,OU=Teachers,OU=Accounts,DC=ad,DC=School,DC=nl

  9. If your directory service maps teacher and student users from groups, enter the OU of the groups in the OU of groups field. For example‌: OU=Groups,OU=Accounts,DC=ad,DC=School,DC=nl

  10. To verify if the directory service username and password you entered is correct, click Test Connection.

  11. Configure LDAP mapping parameters.

  12. To map the group based on the user, enter a value in the Member Of field. For example: memberOf‌

  13. To map the user based on the group, enter a value in the Group Membership field. For example: member‌

  14. (Optional) If the LDAP directory service will be syncing 1,000 or more user records with Jamf School, select the Enable paging checkbox.

  15. (Optional) To search for groups in all groups in the OU, select the Enable recursive groups checkbox.

  16. (Google's Secure LDAP only) Select the Authenticate using a client certificate checkbox, and then upload the custom certificate and custom key generated in Google's Secure LDAP.

  17. Click Save.

If configured, information from the LDAP directory service syncs daily with Jamf School during the selected time. Users imported from an LDAP directory service have a value of "LDAP" for the source on the user overview in Jamf School.

Related Information

For related information, see Setting Up LDAP Authentication in Jamf School.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.