LDAP ArcGIS Portal

10-26-2011 07:57 AM
RosaEscamilla_Flores
Deactivated User
I am trying to integrate ArcGIS Portal with LDAP authentication but it does not work. Is there any manual that can help me, please? 😞

My environment:

ArcGIS portal-1.6.0.2.16
Windows Server 2008 R2
Apache Directory Studio 1.5.3.v20100330
Apache Directory Server 1.5.7

My best regards...  😉
1 Reply
DennisGeasan
Frequent Contributor
A place to start if you haven't found it already. This is more specific to Active Directory but maybe a glimmer to help with Apache.

http://help.arcgis.com/en/geoportal_extension/10.0/help/index.html#/Connecting_to_a_User_Directory/0...

An example of the 'identity' section in the gpt.xml file. Pay close attention to the values in the 'users' section. This has generally worked but I have yet to test the use of the AD groups. It is also my experience that the geoportal takes a long time to authenticate to AD via LDAP.

<identity encKey="PtkESRI" realm="Geoportal">
  <ldapAdapter>
    <!-- Plain LDAP on port 389 with a simple bind: the bind password crosses the network unencrypted -->
    <ldapConnectionProperties
        providerURL="ldap://<the URI to your LDAP server>:389"
        initialContextFactoryName="com.sun.jndi.ldap.LdapCtxFactory"
        securityAuthentication="simple"
        securityProtocol="">
      <ldapServiceAccount
          securityPrincipal="<add domain user name here>"
          securityCredentials="<add the password here>"
          encrypted="false"
          catalogAdminDN="<the AD defined name for the catalog administrator.  This would be different from the securityPrincipal login ID>"/>
      <!-- EXAMPLE catalogAdminDN="CN=Geasan\, Dennis (GIS Technologies),OU=Users,OU=Anchorage Alaska,OU=North America,OU=DLG Corporation,DC=gold,DC=dlg,DC=com" -->
    </ldapConnectionProperties>

    <singleSignOn
        active="false"
        credentialLocation="userPrincipal"
        anonymousValue=""
        logoutOutcome=""/>

    <selfCareSupport
        supportsLogin="true"
        supportsLogout="true"
        supportsUserRegistration="false"
        supportsUserProfileManagement="false"
        supportsPasswordChange="false"
        supportsPasswordRecovery="false"/>

    <roles authenticatedUserRequiresRole="true">
      <role
          key="gptRegisteredUser"
          groupDN="<the AD defined name of an AD group created to define the Geoportal Registered Users>"/>
      <role
          key="gptPublisher"
          inherits="gptRegisteredUser"
          groupDN="<the AD defined name of an AD group created to define the Geoportal Publishers>"/>
      <role
          key="gptAdministrator"
          inherits="gptPublisher"
          groupDN="<the AD defined name of an AD group created to define the Geoportal Administrators>"/>
    </roles>
    <!-- EXAMPLE groupDN="CN=BGC - esri_support,OU=Groups,OU=Toronto Ontario,OU=Corporate,OU=DLG Corporation,DC=gold,DC=dlg,DC=com" -->

    <users
        displayNameAttribute="sAMAccountName"
        passwordEncryptionAlgorithm="SHA"
        newUserDNPattern="cn={0},OU=DLG Corporation,DC=gold,DC=dlg,DC=com"
        usernameSearchPattern="(&amp;(objectclass=person)(sAMAccountName={0}))"
        searchDIT="OU=DLG Corporation,DC=gold,DC=dlg,DC=com">
      <requiredObjectClasses>
        <objectClass name="top"/>
        <objectClass name="person"/>
        <objectClass name="organizationalPerson"/>
        <objectClass name="inetOrgPerson"/>
      </requiredObjectClasses>
      <userAttributeMap>
        <attribute key="username"     ldapName="sAMAccountName"/>
        <attribute key="password"     ldapName="userPassword"/>
        <attribute key="email"        ldapName="mail"/>
        <attribute key="firstName"    ldapName="givenName"/>
        <attribute key="lastName"     ldapName="sn"/>
        <attribute key="organization" ldapName="o"/>
        <attribute key="affiliation"  ldapName="businessCategory"/>
        <attribute key="street"       ldapName="street"/>
        <attribute key="city"         ldapName="l"/>
        <attribute key="stateOrProv"  ldapName="st"/>
        <attribute key="postalCode"   ldapName="postalCode"/>
        <attribute key="country"      ldapName=""/>
        <attribute key="phone"        ldapName="telephoneNumber"/>
      </userAttributeMap>
    </users>

    <!-- 1.2.840.113556.1.4.1941 is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN (nested group membership) -->
    <groups
        displayNameAttribute="cn"
        dynamicMemberOfGroupsAttribute=""
        dynamicMembersAttribute=""
        memberAttribute="member"
        memberSearchPattern="(&amp;(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))"
        searchDIT="OU=Groups,OU=Toronto Ontario,OU=Corporate,OU=DLG Corporation,DC=gold,DC=dlg,DC=com">
    </groups>
  </ldapAdapter>
</identity>

Hope it helps.
DG
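A small checker for an identity section like the one in the reply above, added here as an example (it is not code from the thread or from Esri). It flags the settings that matter for security and the Active Directory-specific filter pieces that need adapting for a different directory such as Apache Directory Server; the check names, the sample values and the reading of encrypted="false" as a plaintext credential are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <identity> section above (all values are placeholders).
SAMPLE = """<identity encKey="CHANGE_ME" realm="Geoportal"><ldapAdapter>
  <ldapConnectionProperties providerURL="ldap://ldap.example.org:389"
      securityAuthentication="simple" securityProtocol="">
    <ldapServiceAccount securityPrincipal="uid=svc,ou=system"
        securityCredentials="PLACEHOLDER" encrypted="false"
        catalogAdminDN="uid=admin,ou=users,dc=example,dc=org"/>
  </ldapConnectionProperties>
  <roles authenticatedUserRequiresRole="true">
    <role key="gptRegisteredUser" groupDN=""/>
  </roles>
  <users usernameSearchPattern="(&amp;(objectclass=person)(sAMAccountName={0}))"/>
  <groups memberSearchPattern="(&amp;(objectclass=group)(member:1.2.840.113556.1.4.1941:={0}))"/>
</ldapAdapter></identity>"""

# Filter pieces that are specific to Active Directory (compared in lower case).
AD_ONLY = ("samaccountname", "(objectclass=group)", "1.2.840.113556.1.4.1941")

def lint_identity(xml_text):
    """Return a list of (check_id, message) findings for an <identity> section."""
    root = ET.fromstring(xml_text)
    findings = []
    conn = root.find(".//ldapConnectionProperties")
    if conn is None:
        return [("no-connection", "ldapConnectionProperties element is missing")]
    url = conn.get("providerURL", "").lower()
    if (url.startswith("ldap://") and conn.get("securityAuthentication") == "simple"
            and not conn.get("securityProtocol")):
        findings.append(("cleartext-bind", "simple bind over ldap:// sends passwords unencrypted"))
    acct = conn.find("ldapServiceAccount")
    if acct is not None and acct.get("encrypted", "false") != "true":  # assumed meaning
        findings.append(("plaintext-credential", "service account password is stored unencrypted"))
    roles = root.find(".//roles")
    if roles is not None and roles.get("authenticatedUserRequiresRole") == "true":
        for role in roles.findall("role"):
            if not role.get("groupDN"):
                findings.append(("role-without-group", f"{role.get('key')} has no groupDN"))
    for tag, attr in (("users", "usernameSearchPattern"), ("groups", "memberSearchPattern")):
        node = root.find(f".//{tag}")
        pattern = node.get(attr, "") if node is not None else ""
        if "{0}" not in pattern:
            findings.append(("no-placeholder", f"{tag}/{attr} lacks the {{0}} placeholder"))
        findings += [("ad-specific", f"{tag}/{attr} uses {t}") for t in AD_ONLY if t in pattern.lower()]
    return findings

if __name__ == "__main__":
    print("\n".join(f"{c}: {m}" for c, m in lint_identity(SAMPLE)))
```

The angle-bracket placeholders in the posted configuration have to be replaced with real values before the file parses as XML, so run the checker on the filled-in section.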