ArcGIS for Portal - LDAP Configuration

12-04-2016 10:39 PM
krishan_kumarsidh
New Contributor III

Hi All,

I am trying to configure ArcGIS for Portal 10.4.1 with LDAP but am receiving this error:

com.esri.arcgis.portal.admin.core.PortalException: java.lang.Exception: Could not connect to the user store. Please check the configuration and try again.Code: 500

I have provided the JSON in the format below:

{
  "type": "LDAP",
  "properties": {
    "userPassword": "secret",
    "isPasswordEncrypted": "false",
    "user": "uid=admin\,ou=system",
    "userFullnameAttribute": "cn",
    "ldapURLForUsers": "ldap://bar2:10389/ou=users\,ou=ags\,dc=example\,dc=com",
    "userEmailAttribute": "mail",
    "usernameAttribute": "uid",
    "caseSensitive": "false",
    "userSearchAttribute": "uid"
  }
}

Do we have to provide user/userPassword the same as the Portal Administrator credentials?
I have replaced ldapURLForUsers with LDAP link provided by my organization administrator.
Thanks in advance.
8 Replies
MarkBramer
Occasional Contributor II

Hi Krishan,

You mention you changed "ldapURLForUsers".  Is that the only property you've changed?  You need to also change "userPassword" and "user" at a minimum, and potentially other properties, depending on your LDAP.  But first start with user and userPassword.  

Mark

krishan_kumarsidh
New Contributor III

Hi Mark,

Thanks for the quick response.

Actually, I am a bit confused with user and userPassword. Is this the LDAP admin user/password or any user which is present in LDAP?

Regards,

Krishan

MarkBramer
Occasional Contributor II

Sorry, I should have explained better.  user and userPassword are credentials for someone to log into LDAP.  However, many LDAPs allow anonymous binding (logging in) so you can actually try leaving these two parameters blank and see if you can connect.  

krishan_kumarsidh
New Contributor III

Thanks Mark. I believe user and userPassword will be of any user having read access to LDAP. 

Best Regards,

Krishan  

MarkBramer
Occasional Contributor II

Then you just need to get that user's full distinguished name (DN) and use that for "user" and their password for "userPassword". 

And don't forget about trying anonymous (blank for both).  This is allowed by many places.

RajeshKulandaivelu
New Contributor II

Hi Krishan,

I have this format configured, see if this suits you.

{
  "type": "LDAP",
  "properties": {
    "isPasswordEncrypted": "true",
    "userFullnameAttribute": "cn",
    "ldapURLForUsers": "ldap://123.abc.com/dc=123,dc=abc,dc=com",
    "userPassword": "PASSWORD",
    "caseSensitive": "false",
    "userSearchAttribute": "cn",
    "userEmailAttribute": "mail",
    "user": "CN=USERID,OU=Infrastructure Accounts,OU=Infrastructure Objects,DC=123,DC=abc,DC=com",
    "usernameAttribute": "sAMAccountName"
  }
}

You will have to replace all the bold letters matching your organization.
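
As an added example (not code from this thread or from Esri), here is a small pre-flight lint for the identity-store JSON discussed above, flagging the bind and transport choices the posts touch on. It assumes the property names shown in the thread and that "isPasswordEncrypted": "false" means the password is given in clear text; the function names and finding codes are made up for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the first config in the thread (placeholder values).
SAMPLE = r'''{ "type": "LDAP", "properties": {
  "userPassword": "secret", "isPasswordEncrypted": "false",
  "user": "uid=admin\,ou=system",
  "ldapURLForUsers": "ldap://bar2:10389/ou=users\,ou=ags\,dc=example\,dc=com",
  "usernameAttribute": "uid", "userSearchAttribute": "uid" } }'''

# Loose shape check for attr=value[,attr=value...]; not a full RFC 4514 parser.
DN_RE = re.compile(r"^\s*[A-Za-z][\w-]*=[^,]+(\s*,\s*[A-Za-z][\w-]*=[^,]+)*\s*$")

def load_store_config(text):
    """Parse the JSON after turning the '\\,' DN escape (rejected by strict
    JSON parsers) into ','. A properly escaped '\\\\,' is left alone."""
    return json.loads(re.sub(r"(?<!\\)\\,", ",", text))

def lint_store_config(text):
    """Return (code, message) findings for an LDAP identity-store config."""
    props = load_store_config(text).get("properties", {})
    out = []
    url = urlsplit(props.get("ldapURLForUsers", ""))
    scheme = url.scheme.lower()
    if scheme == "ldap":
        out.append(("cleartext-ldap", "simple bind over ldap:// sends the password unencrypted"))
    elif scheme != "ldaps":
        out.append(("bad-url", "ldapURLForUsers is not an ldap:// or ldaps:// URL"))
    if not DN_RE.match(url.path.lstrip("/")):
        out.append(("bad-base-dn", "URL path is not a base DN"))
    user, pw = props.get("user", ""), props.get("userPassword", "")
    if not user and not pw:
        out.append(("anonymous-bind", "blank user and password: directory must allow anonymous reads"))
    elif not DN_RE.match(user):
        out.append(("user-not-dn", "user should be the bind account's full DN"))
    elif not pw:
        out.append(("unauthenticated-bind", "DN with empty password may be treated as anonymous"))
    # Assumption: "false" means userPassword is in clear text in this JSON.
    if pw and str(props.get("isPasswordEncrypted", "false")).lower() != "true":
        out.append(("plaintext-password", "bind password is in clear text in this JSON"))
    return out

if __name__ == "__main__":
    for code, msg in lint_store_config(SAMPLE):
        print(f"{code}: {msg}")
```
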

krishan_kumarsidh
New Contributor III

Thanks Rajesh. Will give it a try.

JoelConrad1
New Contributor

4 years later, this was very helpful, Rajesh.  This was the last thing I referenced before it started working.  Thanks!
