topic Re: Setting Geoportal / ArcGISPortal using LDAP in ArcGIS Enterprise Questions

Setting Geoportal / ArcGISPortal using LDAP

yockee — Thu, 29 Aug 2019 04:16:32 GMT

Hi,

I succesfully putting in parameter in Geoportal administrator (Portal Administrator Directory) with LDAP.

This is the paramater that i use :

{
"type": "LDAP",
"properties": {
"userPassword": "mysecret",
"sAMAccountName": "uid=username,ou=User Accounts,ou=xxx,ou=yyy",
"caseSensitive": "false",
"userEmailAttribute": "mail",
"usernameAttribute": "uid",
"userFullnameAttribute": "cn",
"ldapURLForUsers": "ldap://myserver.sumtin.com/ou=User Accounts,ou=xxx,ou=yyy,dc=sumtin,dc=com",
"isPasswordEncrypted": "true",
"userSearchAttribute": "sAMAccountName"
}
}

Note : That parameter above is not exactly the same as Esri suggested. I changed the "user" parameter into "sAMAccountName". If its not changed, the configuration will give out error "Failed to connect to the user store."

However, when I try to add member in Geoportal (Geoportal -> Organization -> Add members -> "Add members based on existing enterprise users", there is no users come up. The list is empty. Here is the picture :

it turns out that even-though it says "successful" during the Update Identity Store, it is actually not able to connect to the identity store. There is error when I try to search users in Get Enterprise User (portaladmin -> Home -> Security -> Users -> Get Enterprise Users) that says :

"Error

[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]

It seems to me that I need to bind it correctly first before able to list all the users.

Any idea on how I should fix this problem ?

thanks

FYI : ArcGIS Portal 10.6.1; Browser is IE 11

@ PMcNeilly-esristaff Please help.

Re: Setting Geoportal / ArcGISPortal using LDAP

AngusHooper1 — Tue, 03 Sep 2019 00:42:56 GMT

If you turn on automatic account creation, are accounts automatically created per a ldap user when they hit the portal home page?

Re: Setting Geoportal / ArcGISPortal using LDAP

yockee — Tue, 03 Sep 2019 03:09:39 GMT

No.

I cant even connect. But, never mind. Problem is solved now. Checkout my reply.

Re: Setting Geoportal / ArcGISPortal using LDAP

yockee — Tue, 03 Sep 2019 03:12:04 GMT

Here is the correct configuration thats working :

{
"type": "LDAP",
"properties": {
  "userPassword": "v24qDsZ1bH2U1cUst7n0Ng==",
    "userEmailAttribute": "mail",
    "usernameAttribute": "cn",
    "user": "sAMAccountName=MY Name,OU=XX,OU=User Accounts,OU=X,OU=Y,DC=Z,DC=com",
    "ldapURLForUsers": "ldap://LDAP-address.com/OU=User Accounts,OU=X,OU=Y,DC=Z,DC=com",
    "isPasswordEncrypted": "true"
}
}

In LDAP, I can trace my user name by following this path : "CN=MY Name,OU=XX,OU=User Accounts,OU=X,OU=Y,DC=Z,DC=com". This is, probably 95% sure, is the path that you should type on to the "user" parameter part. I remove some parameters as well, like : "caseSensitive" and "userSearchAttribute".

@Angus Hooper. Thanks for replying.