Integrating Jamf Pro (Cloud) and on-premise Active Directory via LDAP

agarrett
New Contributor

Hi,

We are looking to integrate our on-premise Active Directory environment with Jamf Pro (cloud hosted) in order to allow our admins to use their AD accounts. Eventually, we will use Single Sign On via ADFS.

Unfortunately, I'm struggling to follow the documentation and after searching this Discussion Board, it appears I'm not the only one.

Actions so far:
Jamf Infrastructure Manager installed on-premise [JAMF01] and verified it is communicating with Jamf Cloud correctly.
LDAP server manually configured (trying to use the wizard will not pass the first step).

Issues:
LDAP Testing fails with the error "Unable to connect to the LDAP Server." Suggestion: Ensure you can connect to ldap://dc.fqdn:389
Using the FQDN of the domain controller fails immediately. Using the IP address appears to time out before failing with the same error message.
Configuring JAMF01 as an LDAP Proxy Server seems to make no difference. I can see in the jamf-im log that the Proxy Server has started and is listening correctly.

Question: How do I go about troubleshooting this? Is there a documented process that shows how the data flows that I can follow to verify what's working and what's not?

Thanks in advance for your help.

Aiden


PhillyPhoto
Valued Contributor

What's failing to connect exactly, the local Infra Manager, or your cloud instance to the domain?

Chris_Hafner
Valued Contributor II

Just to make sure, your LDAP Proxy (JAMF01) cannot pull LDAP records? You may also have a DNS issue if you can't resolve the FQDN from that box. I can check with my network admin tomorrow if this is still an issue with you. We just did this about two weeks ago and had some minor internal hoops to jump through to resolve things like this.

j0n3s0055
New Contributor

Hi,
Chris, did you have time to find out anything more about this issue? Thanks,
Nicole

JohnNull
New Contributor

We had a similar issue. Jamf recommended each and every one of our DCs have a SAN cert for the proxy due to Java's new settings. Or you can turn off cert checking by adding a startup option to java to turn off SSL checks on LDAP lookups specifically ....

https://www.oracle.com/technetwork/java/javase/8u181-relnotes-4479407.html
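A defender-side pre-check for the SAN requirement JohnNull describes, added here as an example and not code from the original thread, Jamf, or any poster: it connects to each domain controller on 636 with chain validation on but hostname checking off, then applies the SAN match itself, so an untrusted chain, a connection failure (the 389 error in the question), and a certificate whose SAN lacks the DC's FQDN are reported as distinct problems. The DC names, the `LDAPS_PORT` constant, and the optional `cafile` argument are assumptions.

```python
import socket
import ssl

LDAPS_PORT = 636  # LDAP over TLS; Java 8u181+ enforces hostname matching on this path


def san_dns_names(cert):
    """DNS entries from a certificate in the dict form ssl.getpeercert() returns."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(fqdn, san_name):
    """RFC 6125-style comparison: case-insensitive exact match, or a wildcard in the
    leftmost label only (*.corp.example.com covers dc1.corp.example.com, not a.dc1...)."""
    fqdn, san_name = fqdn.lower().rstrip("."), san_name.lower().rstrip(".")
    if san_name.startswith("*."):
        suffix = san_name[1:]                 # ".corp.example.com"
        label = fqdn[: -len(suffix)]          # the part the wildcard would cover
        return fqdn.endswith(suffix) and label != "" and "." not in label
    return fqdn == san_name


def cert_covers_fqdn(cert, fqdn):
    """True when a SAN DNS entry matches the name the LDAP client connects to.
    Endpoint identification ignores the subject CN, so a CN-only cert fails this."""
    return any(hostname_matches(fqdn, name) for name in san_dns_names(cert))


def check_dc(fqdn, cafile=None, timeout=5.0):
    """Fetch the DC's LDAPS certificate with chain validation on and hostname
    checking off, then run the SAN check separately. Returns (ok, detail)."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: internal CA bundle (assumed)
    ctx.check_hostname = False                       # the name check is done below instead
    try:
        with socket.create_connection((fqdn, LDAPS_PORT), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return False, f"chain not trusted: {exc.verify_message}"
    except OSError as exc:  # DNS failure, refused, or timeout
        return False, f"cannot connect: {exc}"
    if cert_covers_fqdn(cert, fqdn):
        return True, f"SAN covers {fqdn}: {san_dns_names(cert)}"
    return False, f"{fqdn} missing from SAN {san_dns_names(cert)}; reissue the DC cert"


if __name__ == "__main__":
    # Constructed placeholder DC names; replace with your own domain controllers.
    for dc in ("dc1.corp.example.com", "dc2.corp.example.com"):
        print(dc, *check_dc(dc))
```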