How can Profile Manager be configured to use LDAP

There are a number of existing threads on the challenges of setting up Profile Manager with an external LDAP server. Most seem to imply it's possible but none seem to have an explanation of how to get it working.


I have a fresh installation of El Capitan with Server.app 5.2 in a virtual machine (the choice of OS is only because I am moving away from a physical server with that OS). I plan to use this VM purely for Profile Manager.


The network has been set up, the VM is bound to the LDAP server and Server.app is installed. I only want to use the Profile Manager service and if at all possible not run Open Directory on the VM.


In the Profile Manager section of Server.app I can see the users and groups set up in LDAP. There is one local (admin) account and, at least in terms of what displays in Server.app, no local groups.


Profile Manager is "on" and the status displays as "Available at fqdn/profilemanager".

DNS is working and nslookup of the fqdn and of the IP address both return the correct results.


If I click on "Open in Safari" next to Profile Manager at the bottom of the dialog, I can log in as the local admin user and see all the LDAP users and groups.


If I go to https://fqdn/profilemanager in Safari on another machine I get a "This Connection Is Not Private" warning (which I assume is because I'm using a self-signed certificate) and after trusting the certificate the login screen is displayed and I can log in as the user created on the VM. Once logged in I can see the LDAP users and groups listed. The navigation menu on the left does not include devices or device groups.


Attempting to log in as an LDAP user fails on both machines.


For the "My Devices" page I get the same login failure with LDAP credentials on both machines and successfully log in with the admin account (although there are no profiles available).


If I attempt to configure Device Management it seems to start with a dialog to create a Directory Administrator account for Open Directory in Server.app. There is nowhere to specify a remote directory.


Is it possible to set up Profile Manager without running Open Directory with this version of Server.app? If not, which versions support it? I may have an older version archived somewhere.

Posted on Nov 7, 2021 4:39 PM


2 replies

Nov 8, 2021 5:51 PM in response to DanielleM182

Thank you, but unfortunately there is no information on the linked page which refers to access from Server.app or gives details of any necessary mappings. It describes a process I have already been through.


LDAP searches and binding already work whether I use the "From Server" setting or the "RFC 2307" template.


It is pointing Server.app at the LDAP server and avoiding the "you'll need to configure your server as a network directory" step when configuring device management that I'm trying to configure.
