Jan 20, 2016 3:55 AM in response to Leopardus by pvlvsk:
Yes, allow Access to "mydevices" and allow download config profile is activated in the about tab of the group...
-
Jan 20, 2016 4:51 AM in response to pvlvsk by Leopardus:
pvlvsk wrote:
Yes, allow Access to "mydevices" and allow download config profile is activated in the about tab of the group...
Initially, we allow device enrolment as well, but we close it afterwards. Later we do open a window for a certain time again, to allow for changes.
You could try it. Maybe have a look at your everybody/all users setting as well. This is something small, but I can't lay my finger on it!
Leo
-
Jan 20, 2016 6:44 AM in response to Leopardus by pvlvsk:
That is the problem, that I can't allow device enrollment, because our OpenLDAP users aren't visible in Profile Manager. All groups including "Everyone" have the enrollment option activated...
With the help of Blaidd Drwg, the users can now authenticate at the mydevices page, but are getting a "no permission" error and are still not visible in Profile Manager. Proxying OpenLDAP users in OD groups doesn't work either. I need another solution...
I already thought of wrapping OpenLDAP in another AD, but it is way overkill for just wanting users to be able to authenticate at the Profile Manager page of OS X Server. That's a very frustrating experience, Apple!
-
Jan 23, 2016 10:27 AM in response to pvlvsk by Leopardus:
Could you confirm that you did bind the Mac to your Ubuntu LDAP before creating the Open Directory? If not, you will probably have to start over, at least with the Open Directory.
Leo
-
Jan 28, 2016 3:15 AM in response to pvlvsk by Blaidd Drwg:
Sorry, I don't remember having this problem in earlier versions.
I'm not sure, but it might be that Profile Manager is searching for users with certain attributes that are not present in your LDAP directory. If it doesn't find any matching records, that could explain why you don't see them in Profile Manager.
-
Jan 28, 2016 6:16 AM in response to pvlvsk by Leopardus:
Which is why the AD/OpenLDAP has to be created before the Open Directory of OS X. We know that PM requires the use of Open Directory, and it will only function correctly with it. But it has to BIND to the OpenLDAP before the creation of the Open Directory. Only then will it function correctly.
Leo