
NetSUS setup with LDAP login

Hello,
We currently are not using LDAP for JSS cloud and we intend to keep it that way. However, we want to use AD login for the NetSUS server. I have followed the instructions from here: http://content.jamfcloud.com/NetBootSUSLPServerUserGuide_v4.0.0.pdf but I am not sure if I used the right distinguished name/LDAP URL/etc. Do I have to create a new OU in Active Directory for this? Shouldn't I need to input an AD service account to log in to LDAP?

Thanks

SOLVED Posted: by cgalik

Do you mean you want to use ldap to login to the NetSUS web page for administration? If so, what I did was to just use the standard hostname of a domain controller in the format suggested on the config page (ldaps://hostname.domain:636), then our domain name in the "LDAP Domain" field below (domain.tld), and for administrative groups, I just put in the name of the AD group I want to be able to manage the system. Seems to work okay. My only issue so far is that I haven't got ldaps to work, as the NetSUS system doesn't trust the certificate being presented by the domain controller, so I've only been able to do it with insecure ldap on port 389.

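The trust failure cgalik describes, reproduced offline as an added example (not from the thread or from NetSUS itself): an LDAPS client accepts a server certificate only when the issuing CA is in the trust store it is given and the certificate matches the host named in the `ldaps://` URL. All keys and certificates are constructed locally; `dc01.example.test` and the CA names are assumptions.

```shell
#!/bin/sh
# Constructed demo: nothing here talks to a real domain controller.

# verify_dc_cert CERT CAFILE HOST -> exit 0 only if CERT chains to a CA in
# CAFILE and is valid for HOST (the host part of the ldaps:// URL).
verify_dc_cert() {
    openssl verify -CAfile "$2" -verify_hostname "$3" "$1" >/dev/null 2>&1
}

# check CERT CAFILE HOST -> prints "ok" or "fail"
check() { verify_dc_cert "$@" && echo ok || echo fail; }

# make_ca DIR NAME -> self-signed CA at DIR/NAME.key and DIR/NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# make_dc_cert DIR CA HOST -> DIR/dc.pem for HOST (hostname in CN), signed by CA
make_dc_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/dc.key" -out "$1/dc.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/dc.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/dc.pem" >/dev/null 2>&1
}

run_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" internal-ad-ca && make_ca "$d" unrelated-ca &&
        make_dc_cert "$d" internal-ad-ca dc01.example.test ||
        { rm -rf "$d"; return 1; }
    # 1. Trust store lacks the issuing CA: the situation in the post above.
    r1=$(check "$d/dc.pem" "$d/unrelated-ca.pem" dc01.example.test)
    # 2. Issuing CA supplied as the trust anchor: the chain validates.
    r2=$(check "$d/dc.pem" "$d/internal-ad-ca.pem" dc01.example.test)
    # 3. Right CA, but the URL names a host the certificate was not issued for.
    r3=$(check "$d/dc.pem" "$d/internal-ad-ca.pem" dc02.example.test)
    rm -rf "$d"
    echo "missing-ca=$r1 issuing-ca=$r2 wrong-host=$r3"
}

run_demo
```

Against a live domain controller, `openssl s_client -connect hostname.domain:636 -showcerts` prints the chain it presents, which can then be checked the same way.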
SOLVED Posted: by jelockwood

I am now trying to get LDAP authentication working for the NetSUS webadmin site.

I had a look at the 'manual' and it really does not talk about this at all - not even from an AD perspective. In my case I am not using AD; I am using FreeIPA, which is a more generic LDAP server. I have various other more traditional Apache and PHP websites successfully using LDAP authentication to this FreeIPA server and I am even making progress on using it to authenticate Mac logins for mobile accounts. So NetSUS is pretty much the last one needing to be done.

If, as is implied, the 'standard' NetSUS code is biased to a 'real' AD server, are there any tips on what files to modify to, for example, customise search bases for LDAP and whatever else might be needed?

It sounds like ideally more configuration options would be exposed in the settings page to do this rather than having to hand edit the code. This would however require JAMF (or someone) to enhance the code and I get the impression JAMF are no longer actively developing it.
