Hi All,
I am trying to configure ArcGIS For Portal 10.4.1 with LDAP but am receiving this error:
com.esri.arcgis.portal.admin.core.PortalException: java.lang.Exception: Could not connect to the user store. Please check the configuration and try again.Code: 500
I have provided the JSON in the format below:
{
  "type": "LDAP",
  "properties": {
    "userPassword": "secret",
    "isPasswordEncrypted": "false",
    "user": "uid=admin\,ou=system",
    "userFullnameAttribute": "cn",
    "ldapURLForUsers": "ldap://bar2:10389/ou=users\,ou=ags\,dc=example\,dc=com",
    "userEmailAttribute": "mail",
    "usernameAttribute": "uid",
    "caseSensitive": "false",
    "userSearchAttribute": "uid"
  }
}
Do we have to provide user/userPassword the same as the Portal Administrator credentials? I have replaced ldapURLForUsers with the LDAP link provided by my organization's administrator. Thanks in advance.
Hi Krishan,
You mention you changed "ldapURLForUsers". Is that the only property you've changed? You need to also change "userPassword" and "user" at a minimum, and potentially other properties, depending on your LDAP. But first start with user and userPassword.
Mark
Hi Mark,
Thanks for the quick response.
Actually, I am a bit confused about user and userPassword. Is this the LDAP admin user/password, or any user which is present in LDAP?
Regards,
Krishan
Sorry, I should have explained better. user and userPassword are credentials for someone to log into LDAP. However, many LDAPs allow anonymous binding (logging in) so you can actually try leaving these two parameters blank and see if you can connect.
Thanks Mark. I believe user and userPassword will be of any user having read access to LDAP.
Best Regards,
Krishan
Then you just need to get that user's full distinguished name (DN) and use that for "user" and their password for "userPassword".
And don't forget about trying anonymous (blank for both). This is allowed by many places.
Hi Krishan,
I have this format configured; see if this suits you.
{
  "type": "LDAP",
  "properties": {
    "isPasswordEncrypted": "true",
    "userFullnameAttribute": "cn",
    "ldapURLForUsers": "ldap://123.abc.com/dc=123,dc=abc,dc=com",
    "userPassword": "PASSWORD",
    "caseSensitive": "false",
    "userSearchAttribute": "cn",
    "userEmailAttribute": "mail",
    "user": "CN=USERID,OU=Infrastructure Accounts,OU=Infrastructure Objects,DC=123,DC=abc,DC=com",
    "usernameAttribute": "sAMAccountName"
  }
}
You will have to replace all the bold letters matching your organization.
Thanks Rajesh. Will give it a try.
4 years later, this was very helpful, Rajesh. This was the last thing I referenced before it started working. Thanks!
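
The checks discussed in this thread, as an added example that is not part of any post and is not Esri code: an offline pre-flight check of the identity store JSON that flags unchanged sample credentials, a half-filled or anonymous bind, a "user" that is not a full DN, and a plain ldap:// URL. The function names, the placeholder host and the handling of the `\,` sequence are assumptions made for this example.

```python
import json
import re
from urllib.parse import unquote, urlsplit

# Sample values from the question's JSON; leaving them unchanged is the
# mistake pointed out in the first reply.
SAMPLE_DEFAULTS = {"user": "uid=admin,ou=system", "userPassword": "secret"}
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,\s*[A-Za-z][\w-]*=[^,]+)*$")

# Constructed input: the question's JSON with only ldapURLForUsers changed
# (ldap.example.com is a placeholder host).
QUESTION_CONFIG = r'''{"type": "LDAP", "properties": {
  "userPassword": "secret", "isPasswordEncrypted": "false",
  "user": "uid=admin\,ou=system",
  "ldapURLForUsers": "ldap://ldap.example.com:389/ou=users\,dc=example\,dc=com"}}'''

def load_store(text):
    # Python's json module rejects the "\," sequence used in the question's
    # JSON, so double the backslash to parse, then drop it from the values.
    props = json.loads(text.replace("\\,", "\\\\,"))["properties"]
    return {k: str(v).replace("\\,", ",") for k, v in props.items()}

def check_store(text):
    """Return a list of findings for an LDAP identity store JSON document."""
    p = load_store(text)
    findings = []
    user, pw = p.get("user", ""), p.get("userPassword", "")
    for key, default in SAMPLE_DEFAULTS.items():
        if p.get(key) == default:
            findings.append(f"{key} still has the sample value")
    if bool(user) != bool(pw):
        findings.append("set both user and userPassword, or leave both blank")
    elif not user:
        findings.append("anonymous bind: works only if the directory allows it")
    elif not DN_RE.match(user):
        findings.append("user is not a full distinguished name")
    url = urlsplit(p.get("ldapURLForUsers", ""))
    if url.scheme == "ldap":
        findings.append("ldap:// is plain LDAP: without TLS the bind password is sent in clear text")
    elif url.scheme != "ldaps":
        findings.append("ldapURLForUsers must be an ldap:// or ldaps:// URL")
    if not DN_RE.match(unquote(url.path.lstrip("/"))):
        findings.append("ldapURLForUsers has no base DN after the host")
    return findings

if __name__ == "__main__":
    for finding in check_store(QUESTION_CONFIG):
        print("-", finding)
```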