Jamf Nation Community

@cpdecker sorry, was on vacation.
No difference. Recreated policy to workaround, but I'm concerned there's bigger issues which I'm investigating.

Same issue, I'm running 10.0.0 and it will not allow me to remove the scope limitations. The only work around I can find, as well, is to clone the profile and make the changes to the clone, then delete the original profile and rename the clone.

It looks like there are a few random issues with the interface:
- this issue
- prestage imaging scope (networks) can't be selected. Modifying an existing clears/breaks scope. PI created for this.
- Can't select packages etc in Configurations @ Settings > Computer Management > Configurations

These all seem interface related IMO.

Just posting to say that on 10.2.0 I'm having the same issue!

Hey all,

Are these limitations limited to an LDAP Group AND has that LDAP Group ID mapping been edited after the initial limitation was applied?

If you're in that specific scenario, this is an issue we're aware of and it's filed under PI-004486.

Please be aware that PI-004486 is very specific to the scenario I've outlined above and if this is not the case for your environment, you would not be running into PI-004486 and there may be something else going on.

If you believe you are running into PI-004486, please contact Support to get a case open and attached to it.

If you are not in the scenario of PI-004486, please contact Support anyway if you have not so they can dig into it deeper and find out what's going on.

Thanks!
Were Wulff
Jamf Customer Experience

I just wanted to share my experience:
We are using Jamf Pro 10.4.1 and we also experience the issue that it is not possible to remove LDAP User Group Limitations in Policies.

One feasible workaround is to deactivate the policy, remove the limitations, save, and then to reenable it. This workaround worked for us and is also "ok" for the time being. We are curious if this issue has been fixed in a later release?

I have seen smart groups and policies that refused to 'accept' the changes, that is after a Save they reverted to the previous setting. The solution proposed by support was to clone the item, do the change, and delete the original item. Rename new item to old item. You might have to check other items that used the old item.

I am having this issue and unfortunately @AndreasRumpl your work around is not working for me. I am on 10.7.1-t1536934276. This has been happening for a while but now it is inhibiting work. Think the only way I can get around this is to use the API to clear them out, but that is a painful process due to the way you have to specify everything in the scope in your API call. and not just remove one item.

@canopimp So, we found a workaround for this.

If you remove all LDAP groups from limitation and add another (any) and save it, it will make the change. You can then go back into the policy and change it to a different LDAP group or remove it altogether.

It looks like somehow those LDAP limitations get intrinsically tied together but it requires more than just deleting both to break that connection to the policy.