MacOS - LDAP + Filevault

Hello,

Implemented LDAP on MacOS machines
https://support-google-com.translate.goog/a/answer/9089736?_x_tr_sl=en&_x_tr_tl=pt&_x_tr_hl=pt-BR&_x...

I can log in via the network. The problem is when the email account password expires and needs to be changed: FileVault cannot synchronize it, and therefore I cannot log in with the network account using the new password. Has anyone already gone through something like that?


Hey @sofist

You would like to have the password synced between the identities (the one used within the LDAP with Cloud Identity, to be precise). If that's correct, you can achieve it in two ways:
- If you have a different identity provider, you can enable SSO. It's not a password-syncing method, but that way users are able to get into the service (GW) using their third-party identity service, so they have one account and one password instead of two identities with password sync in place. You need to apply a strong password policy and 2FA, if it's supported by your identity provider, to make such a setup secure; if your provider doesn't offer such security features, you can also use post-SSO verification.
- If your company has an Active Directory setup where the user details are stored, you can also implement Password Sync. This Google service syncs the user's password to Google Workspace whenever a user's Active Directory password is changed.

Hope this helps,
Have a great day,
Marcin

I'm using the tutorial below and I managed to configure LDAP with Google. I can authenticate the network account on macOS. The problem is when changing the email account password: when changing it, the system does not update the startup keys, and with that I can't log back in on the Mac.

https://support.google.com/a/answer/9089736?hl=en&sjid=6818355279229082363-SA

Hi @sofist 

Yes, I'm facing the same issue too with my work Mac, which is connected to our Google Secure LDAP (ldap.google.com). When I change the password in myaccount.google.com, it doesn't sync with my network profile on the Mac. I'm also trying to figure out a way to at least manually sync the network password with macOS.

Let me know if you already sorted out this issue.

Thanks,
Kirubakaran 

I was unable to solve this problem. Every time the password is changed in myaccount, it does not synchronize with LDAP and we are no longer able to log in.

I am testing it on JAMF Connect

Got it
My findings: network login works fine. I changed my password in myaccount.google.com and it synced with the network account (ldap.google.com) right away, and I can log in with the new network password; the issue is only with the mobile user account.

Once I created a mobile user account for the same network user, it's just like a local account: a network password change doesn't sync with the local account, but I can still log in with the old password just fine.

