JumpCloud as LDAP provider in JamfCloud (JamfPro)

Following the default Active Directory mappings, and freeIPA, let’s have a look at another way of adding LDAP integration to Jamf Pro: Jumpcloud.com

Just for the record, before going any further: Jamf, Jamf Pro, JamfCloud and now… a blogpost about JumpCloud? Don’t get confused, JumpCloud is not a Jamf product 🙂 . It’s a 3rd party Directory-as-a-service provider.

As it’s not my intention to give any advise on what 3rd party tool or solution you should use, I’d like to invite you to have a look at their website and see if the provided services are a good match for your environment and deployment needs.

However, my goal here is to “quickly” run through the steps to integrate it in JamfCloud. Also, for those who don’t have a JumpCloud account yet, good news: you get 10 user licences for free, forever and no credit card needed!

Once your Jump Cloud account is up and running, let’s have a look at how to integrate in Jamf Pro, including the mistakes I made initially.

Continue reading “JumpCloud as LDAP provider in JamfCloud (JamfPro)”

Jamf LDAP and freeIPA

This will be a short one, promised. For this mid-week post I’ll go for a quick share of some default settings again: integrate freeIPA as LDAP provider in Jamf Pro.

Maybe less common than Active Directory or other more mainstream Directory Services, but still, handy to have some default references to crosscheck when needed. 

Recently I was asked to help with adding freeIPA in Jamf Pro, as the mappings did not work correctly. 

I must admit, I’m not a freeIPA expert, but yeah, always game for a challenge. So I spun up a small VM on my home lab ESXI, installed freeIPA, created some test users and checked the basic user attributes with “ldapsearch” in Terminal. Just to check what the default attributes in freeIPA are and map those in Jamf Pro.

Continue reading “Jamf LDAP and freeIPA”

Jamf, Nomad, Jamf Connect… just WOW ! What a surprise !

Wow, what a surprise indeed! That moment you are in the middle of mentioning the capabilities of Nomad to the sys admin you are on-boarding in Jamf Pro… the news of the year rolls in…!

Nomad is Jamf… wait, what? Can’t be?!… Time for a small break in the on-boarding session to figure out what just happened!

Yes, there is was, the email from Dean (Jamf CEO), followed by a lot of excitement in the internal chats, emails and other channels. Indeed, Nomad is Jamf and there is Jamf Connect now… just WOW!

But why all the fuzz? What’s Nomad anyway? Why is this such a big news?

Continue reading “Jamf, Nomad, Jamf Connect… just WOW ! What a surprise !”

Default LDAP mapping for Active Directory in Jamf

In today’s post I’d like to go through adding LDAP integration to Jamf Pro, with Microsoft Active Directory as Directory server, and more specific: share the default settings in case you have to configure the LDAP integration manually. So no magic in this post, just sharing the default workflow and AD mappings which might come in handy. I’ll share some other Directory Service mappings soon, such as freeIPA, OD,…

Before we start diving into the settings, just remember that, if you are a Jamf Cloud customer, you will first need to grant Jamf Cloud access to your AD server. Either by Whitelisting the IP adresses of Jamf Cloud, or by installing a Jamf Infrastructure Manager or ‘JIM’ in your DMZ. See my post on ‘JIM’: )

Once this is done, you can go into the settings of Jamf Pro and configure the LDAP connection using the wizard. Jamf Pro will automatically try to fetch the Directory settings and mappings.

Continue reading “Default LDAP mapping for Active Directory in Jamf”

How to change the default Jamf Pro port to 443… and why you might want to keep it on 8443.

Many people have asked me how to change the default port that Jamf Pro is using for the SSL communication, which is by default 8443. Or even change it to any other custom port (when terminating SSL behind a load balancer for instance).

First off all, and this is very important, do not change the Jamf Pro port in a production environment with enrolled devices. The port is part of the URL that the devices trust for MDM enrollment and management. Changing the port breaks the enrollment and you will have to re-enroll all devices!

Secondly, configuring Jamf Pro behind a load balancer is beyond the goal of this post. For such more complex setups, I’d advise to have a look at the Jamf 350 course. 

Continue reading “How to change the default Jamf Pro port to 443… and why you might want to keep it on 8443.”