When setting up Jamf Pro, one of the options you have is to integrate it with your company, school or institution’s LDAP-based directory service. Connecting Jamf Pro to LDAP allows you to query your organization’s directory service for information and also allows the use of your existing user accounts and groups when requiring logins or scoping policies.
When setting up Jamf Pro to connect to a directory service, there’s a Use Wildcards When Searching setting with the following description:
Allow partial matches to be returned when searching the LDAP directory
What this setting does is that it allows Jamf Pro to use wildcards when making LDAP searches of your directory service. That allows Jamf Pro to return search results that may only partially match what you told it to search the directory service for.
For directory services with fewer than five thousand user accounts and/or groups, having this option enabled is usually fine. However, once the directory service is larger than that, disabling the Use Wildcards When Searching setting may dramatically speed up user and group lookups. For more details, please see below the jump.
In my own shop, the directory service used by Jamf Pro has far more than five thousand users and groups. With the Use Wildcards When Searching setting enabled, lookups usually take a minimum of five seconds and a maximum of seven seconds.
With the Use Wildcards When Searching setting disabled, lookups now take between 0.03 and 0.001 seconds.
The downside to disabling wildcard searching is that you will need to search your directory service using the exact user or group name you want as your search criteria. Any result which is not an exact match will not be returned by the search. That said, the performance improvement usually makes this a worthwhile trade-off for losing the ability to search using wildcards.
To disable wildcard searching, use the following procedure:
1. Log into Jamf Pro.
2. Go into your Jamf Pro management settings:
Settings: System Settings: LDAP Servers: Your Directory Service Name Here (substitute your actual settings for Your Directory Service Name Here.)
4. Click the Edit button to edit the Your Directory Service Name Here settings.
3. Scroll to the bottom and locate the Use Wildcards When Searching setting.
4. If the setting is checked, uncheck it.
5. Click the Save button to save your changes.