Problem on Adding Windows User to Portal

MatsHardy · ‎11-27-2017

I have configured Portal to secure access using Windows Active Directory. I have tried to add Windows users manually to Portal by Add Members in Portal. When I chooses Add members based on existing enterprise users, Portal does not show any domain users. Anyone has ideas?

Thanks in advance.

RandallWilliams · ‎11-27-2017

The logs in Portaladmin should indicate if there's an issue connecting to the directory server. That's the first place I'd check.

MatsHardy · ‎11-30-2017

The following are the portal logs:

<Msg time="2017-11-22T16:36:01,609" type="WARNING" code="219999" source="Sharing" process="4068" thread="14" methodName="" machine="xxxx" user="" elapsed=""> 在身份儲存提供者中找不到使用者 'yyyy\zzzz'。[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]</Msg>
<Msg time="2017-11-22T16:36:02,4" type="WARNING" code="219999" source="Sharing" process="4068" thread="14" methodName="" machine="xxxx" user="" elapsed=""> 在身份儲存提供者中找不到使用者 'yyyy\zzzz'。[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]</Msg>
<Msg time="2017-11-23T12:38:39,295" type="WARNING" code="219999" source="Sharing" process="4068" thread="14" methodName="" machine="xxxx" user="" elapsed=""> 在身份儲存提供者中找不到使用者 'yyyy\zzzz'。[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]</Msg>
<Msg time="2017-11-23T12:38:39,592" type="WARNING" code="219999" source="Sharing" process="4068" thread="14" methodName="" machine="xxxx" user="" elapsed=""> 在身份儲存提供者中找不到使用者 'yyyy\zzzz'。[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]</Msg>
<Msg time="2017-11-23T12:38:40,253" type="WARNING" code="219999" source="Sharing" process="4068" thread="14" methodName="" machine="xxxx" user="" elapsed=""> 在身份儲存提供者中找不到使用者 'yyyy\zzzz'。[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]</Msg>
<Msg time="2017-11-23T12:38:45,972" type="WARNING" code="219999" source="Sharing" process="4068" thread="14" methodName="" machine="xxxx" user="" elapsed=""> 在身份儲存提供者中找不到使用者 'yyyy\zzzz'。[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ]</Msg>

It seems that the Portal cannot retrieve users from AD server.

The following are the user store and group config in portal :

{
"type": "WINDOWS",
"properties": {
    "user": "yyyy\\zzzz",
    "userPassword": "",
    "isPasswordEncrypted": "false",
    "userFullnameAttribute": "cn",
    "userEmailAttribute": "mail",
    "caseSensitive": "false"
}
}

{
"type": "WINDOWS",
"properties": {
    "user": "yyyy\\zzzz",
    "userPassword": "",
    "isPasswordEncrypted": "false"
}
}

RandallWilliams · ‎11-30-2017

Is the password actually encrypted or no? When you save the JSON for this setting, Portal should encrypt the password and set the "isPasswordEncrypted": "false" value to "true".

Cesar_AugustoRodriguez · ‎11-30-2017

Hi Mats Hardy

You can look the next link where describe what you should to do to configure your ArcGIS Enterprise security

Use your portal with LDAP and web-tier authentication—Portal for ArcGIS (10.5.x) | ArcGIS Enterprise

Regards

MatsHardy · ‎12-07-2017

I have figured out what happened. The original domain user account used in user store configuration is without password. Then I tried another domain user account with password. Then the Portal can show domain users this time.