Testing a .p12 Keystore File and Connection

Jamf Connect Documentation


  1. Test the configuration with the ldapsearch command line tool using the following:
    LDAPTLS_IDENTITY="LDAP Client" ldapsearch -uLLL -w 'USERPASSWORDGOESHERE' -D 'USERNAME@GOOGLEDOMAIN.EXT' -H ldaps://ldap.google.com -b 'dc=USERNAME@GOOGLEDOMAIN.EXT'
    
    LDAPTLS_IDENTITY="LDAP Client" tells ldapsearch on macOS to present the keychain identity (certificate plus private key) with that label as the TLS client certificate, so the label must match the name the .p12 was imported under exactly. Substitute the following fields in the command after the command flags:
    -w  User's password. Enclose the password in single quotes (e.g., 'userP@$$w*rd'). A password given with -w is stored in your shell history; use -W instead to be prompted for it.
    -D  User's username in User Principal Name (UPN) or email address format (e.g., user.connect@example.com).
    -b  User's username in DC format (e.g., dc=user.connect@example.com).
  2. Confirm that your authentication result is successful.
    Note: These are sample results.
    Successful (your result may include information about group membership in addition to user information):
    admin@macos-11 ~ % LDAPTLS_IDENTITY="LDAP Client" ldapsearch -uLLL -w theRightPasswordGoesHere -D 'first.last@example.com' -H ldaps://ldap.google.com -b 'dc=first.last@example.com'
    dn: dc=first,dc=last@example,dc=com
    ufn: first.last@example.com
    objectClass: top
    objectClass: domain
    objectClass: dcObject
    dc: first
     
    dn: ou=Groups,dc=first,dc=last@example,dc=com
    ufn: Groups, first.last@example.com
    objectClass: top
    objectClass: organizationalUnit
    ou: Groups
     
    dn: ou=Users,dc=first,dc=last@example,dc=com
    ufn: Users, first.last@example.com
    objectClass: top
    objectClass: organizationalUnit
    ou: Users
    description: OrganizationName
    Unsuccessful: The user is unknown or an incorrect password was entered. Both cases return LDAP result code 49 (invalid credentials), so the bind itself was reached and the certificate is working.
    admin@macos-11 ~ % LDAPTLS_IDENTITY="LDAP Client" ldapsearch -uLLL -w wrongpassw0rd -D 'first.last@example.com' -H ldaps://ldap.google.com -b 'dc=first.last@example.com'
    ldap_bind: Invalid credentials (49)
        additional info: Incorrect password
    Unsuccessful: The user is part of the Google Workspace domain but not part of the group of users allowed to authenticate with this LDAP server.
    admin@macos-11 ~ % LDAPTLS_IDENTITY="LDAP Client" ldapsearch -uLLL -w SuperSecretPassword -D 'first.last@example.com' -H ldaps://ldap.google.com -b 'dc=first.last@example.com'
    ldap_bind: Insufficient access (50)
        additional info: Not authorized to authenticate password
    Unsuccessful: The TLS connection failed before any bind was attempted, so no LDAP result code is returned. Typical causes: the LDAP client certificate is missing from the keychain ldapsearch reads (imported into a user's login keychain instead of the System keychain), the LDAPTLS_IDENTITY label does not match the imported certificate's name, the private key's access control is not set to allow all applications, or the LDAP service is turned off in admin.google.com. A firewall blocking TCP port 636 to ldap.google.com produces the same error.
    admin@macos-11 ~ % LDAPTLS_IDENTITY="LDAP Client" ldapsearch -uLLL -w macOSJNUC.8 -D 'first.last@example.com' -H ldaps://ldap.google.com -b 'dc=first.last@example.com'
    ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
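    The following script wraps the test above and maps each of the four outcomes on this page to a one-line diagnosis. It is an added example, not part of the Jamf Connect documentation or of Jamf's tooling. It assumes the .p12 was imported into the System keychain with the label "LDAP Client", that ldapsearch reports bind failures on stderr in the "ldap_bind: <text> (<code>)" form shown above, and that the macOS `security find-identity` and OpenLDAP `-y passwdfile` options are available; the base DN defaults to the dc=<UPN> form this page uses.

```shell
#!/bin/bash
# Added example (not from the Jamf Connect documentation): run the ldapsearch
# test from this page and classify its result.
# Assumptions: identity label "LDAP Client" in the System keychain; ldapsearch
# prints bind failures as "ldap_bind: <text> (<code>)" on stderr.

# Classify an ldapsearch exit status plus its captured stderr text.
# Prints exactly one line: a tag, a colon, and the next thing to check.
ldap_diagnose() {
  local status="$1" err="$2"
  if [ "$status" -eq 0 ]; then
    echo "OK: bind and search succeeded; certificate, account and group membership are valid"
  elif printf '%s' "$err" | grep -qF 'Invalid credentials (49)'; then
    echo "INVALID_CREDENTIALS: unknown user or wrong password"
  elif printf '%s' "$err" | grep -qF 'Insufficient access (50)'; then
    echo "NOT_AUTHORIZED: user exists but is not in a group allowed to use this LDAP client"
  elif printf '%s' "$err" | grep -qF "Can't contact LDAP server (-1)"; then
    echo "NO_CONNECTION: client certificate not usable from the keychain, LDAP service off, or port 636 blocked"
  else
    echo "UNKNOWN($status): $err"
  fi
}

# macOS only: confirm an identity (certificate + private key) with the given
# label exists in the System keychain before going to the network at all.
ldap_identity_present() {
  local label="${1:-LDAP Client}"
  security find-identity -p basic -v /Library/Keychains/System.keychain 2>/dev/null \
    | grep -qF "\"$label\""
}

# Run the page's ldapsearch test. The password goes through a 0600 temp file
# with -y instead of -w, so it never appears in shell history or in `ps`.
run_ldap_test() {
  local upn="$1" base="$2" password="$3" pwfile err status
  pwfile=$(mktemp) || return 1
  chmod 600 "$pwfile"
  printf '%s' "$password" > "$pwfile"   # -y uses the file's complete contents: no trailing newline
  # Capture stderr only; the LDIF on stdout is not needed for the diagnosis.
  if err=$(LDAPTLS_IDENTITY="LDAP Client" ldapsearch -uLLL -y "$pwfile" -D "$upn" \
             -H ldaps://ldap.google.com -b "$base" 2>&1 >/dev/null); then
    status=0
  else
    status=$?
  fi
  rm -f "$pwfile"
  ldap_diagnose "$status" "$err"
}

# Usage: LDAP_TEST_UPN=first.last@example.com bash ldaptest.sh
# Prompts for the password and uses the page's dc=<UPN> base DN.
if [ -n "${LDAP_TEST_UPN:-}" ]; then
  ldap_identity_present || echo 'warning: no "LDAP Client" identity found in the System keychain' >&2
  printf 'Password for %s: ' "$LDAP_TEST_UPN" >&2
  IFS= read -rs pw; echo >&2
  run_ldap_test "$LDAP_TEST_UPN" "dc=$LDAP_TEST_UPN" "$pw"
fi
```

    Running the keychain check first separates "the certificate is not where ldapsearch looks" from "the server rejected the user", which the bare `Can't contact LDAP server (-1)` message does not do on its own.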