LDAP Server Connections in Jamf Pro

To allow Jamf Pro to connect to your LDAP server, you must provide the following information:

• The appropriate DNS (recommended) or IP address of the server hostname and the listening port number

• LDAP server account (user distinguished name that is used to connect to the LDAP server) and the associated password

LDAP connections can be established in an SSL session. This ensures data that is sent between the LDAP client (Jamf Pro) and the LDAP server is encrypted. LDAP server connections over SSL use the communication port TCP 636 by default. Custom LDAP server configuration can use other ports. A successful connection requires that the LDAP server is configured to issue the server certificate when a client requests an SSL connection, and the client needs to be configured with the trusted root certificate of the CA that issued the server certificate. When configuring Jamf Pro to use the secure LDAP connections, ensure that the fully qualified domain name or URL of your authentication server (the server you are trying to make the connection to) matches the Common Name (CN) or the Subject Field Alternative Name (SAN).

The LDAP Proxy is hosted by the Infrastructure Manager, a service that is managed by Jamf Pro. After you install an instance of the Infrastructure Manager, Jamf Pro allows you to enable an LDAP proxy connection if you have an LDAP server set up in Jamf Pro. For more information, see Jamf Infrastructure Manager Instances in the Jamf Pro Administrator's Guide. The connection between your infrastructure manager instance and the LDAP server over SSL needs to be verified. This may take some time depending on the Recurring Check-In Frequency setting of your infrastructure manager instance configuration. LDAP connections will work only after the successful verification. To find out the status of the verification, see the Jamf Pro Notifications section.