Hi,
I successfully put the parameters into the Geoportal administrator (Portal Administrator Directory) with LDAP.
These are the parameters that I use:
{
  "type": "LDAP",
  "properties": {
    "userPassword": "mysecret",
    "sAMAccountName": "uid=username,ou=User Accounts,ou=xxx,ou=yyy",
    "caseSensitive": "false",
    "userEmailAttribute": "mail",
    "usernameAttribute": "uid",
    "userFullnameAttribute": "cn",
    "ldapURLForUsers": "ldap://myserver.sumtin.com/ou=User Accounts,ou=xxx,ou=yyy,dc=sumtin,dc=com",
    "isPasswordEncrypted": "true",
    "userSearchAttribute": "sAMAccountName"
  }
}
Note: The parameters above are not exactly the same as Esri suggested. I changed the "user" parameter into "sAMAccountName". If it's not changed, the configuration gives the error "Failed to connect to the user store."
However, when I try to add a member in Geoportal (Geoportal -> Organization -> Add members -> "Add members based on existing enterprise users"), no users come up. The list is empty.
It turns out that even though it says "successful" during the Update Identity Store, it is actually not able to connect to the identity store. There is an error when I try to search users in Get Enterprise Users (portaladmin -> Home -> Security -> Users -> Get Enterprise Users) that says:
"Error
"
It seems to me that I need to bind it correctly first before being able to list all the users.
Any idea on how I should fix this problem?
thanks
FYI : ArcGIS Portal 10.6.1; Browser is IE 11
@PMcNeilly-esristaff Please help.
If you turn on automatic account creation, are accounts automatically created per LDAP user when they hit the portal home page?
No.
I can't even connect. But never mind. The problem is solved now. Check out my reply.
Here is the correct configuration that's working:
{
  "type": "LDAP",
  "properties": {
    "userPassword": "v24qDsZ1bH2U1cUst7n0Ng==",
    "userEmailAttribute": "mail",
    "usernameAttribute": "cn",
    "user": "sAMAccountName=MY Name,OU=XX,OU=User Accounts,OU=X,OU=Y,DC=Z,DC=com",
    "ldapURLForUsers": "ldap://LDAP-address.com/OU=User Accounts,OU=X,OU=Y,DC=Z,DC=com",
    "isPasswordEncrypted": "true"
  }
}
In LDAP, I can trace my user name by following this path: "CN=MY Name,OU=XX,OU=User Accounts,OU=X,OU=Y,DC=Z,DC=com". This is, I'm probably 95% sure, the path that you should type into the "user" parameter. I removed some parameters as well, like "caseSensitive" and "userSearchAttribute".
@Angus Hooper. Thanks for replying.
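Added example, not part of the thread and not Esri's code: a small Python check for identity-store JSON of the shape posted above, run before pasting it into Update Identity Store. It flags a missing "user" property, an ldap:// URL (the bind is not encrypted unless TLS is negotiated separately), and a bind DN whose DC components differ from the search base in "ldapURLForUsers". The function names, the finding strings and the DC comparison (a heuristic) are assumptions made for illustration, and the sample uses placeholder values.

```python
import json
from urllib.parse import urlsplit, unquote

CLEARTEXT = "ldap:// does not encrypt the bind; prefer ldaps://"
NO_USER = "no 'user' property (bind account DN)"
BAD_URL = "ldapURLForUsers is not ldap(s)://host/baseDN"
DC_MISMATCH = "DC components of 'user' differ from the search base"

def dc_parts(dn):
    """Lower-cased DC values of a DN. Assumes the DN has no escaped commas."""
    rdns = [rdn.partition("=") for rdn in dn.split(",")]
    if any(not sep or not attr.strip() or not val.strip() for attr, sep, val in rdns):
        raise ValueError(f"malformed DN: {dn!r}")
    return [val.strip().lower() for attr, _, val in rdns if attr.strip().lower() == "dc"]

def lint_identity_store(raw):
    """Return findings for a user-store JSON document shaped like the thread's."""
    props = json.loads(raw).get("properties", {})
    findings = []
    url = urlsplit(props.get("ldapURLForUsers", ""))
    try:
        base_dc = dc_parts(unquote(url.path.lstrip("/")))
    except ValueError:
        base_dc = []
    if url.scheme not in ("ldap", "ldaps") or not url.hostname or not base_dc:
        findings.append(BAD_URL)
    elif url.scheme == "ldap":
        findings.append(CLEARTEXT)
    if "user" not in props:
        findings.append(NO_USER)
    elif base_dc:
        # Heuristic (assumption): the bind account lives in the searched domain.
        try:
            if dc_parts(props["user"]) != base_dc:
                findings.append(DC_MISMATCH)
        except ValueError:
            findings.append(DC_MISMATCH)
    return findings

# Constructed sample: the thread's working shape with placeholder values.
SAMPLE = json.dumps({"type": "LDAP", "properties": {
    "userPassword": "<placeholder>",
    "user": "CN=MY Name,OU=XX,OU=User Accounts,OU=X,OU=Y,DC=Z,DC=com",
    "ldapURLForUsers": "ldap://ldap.example.com/OU=User Accounts,OU=X,OU=Y,DC=Z,DC=com",
    "userEmailAttribute": "mail", "usernameAttribute": "cn"}})

if __name__ == "__main__":
    for finding in lint_identity_store(SAMPLE):
        print("finding:", finding)
```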