Update to LDAP signing requirements and ArcGIS Enterprise

02-07-2020 11:52 AM
Esri Regular Contributor

Users are asking us how ArcGIS Enterprise may be affected by Microsoft blocking unsigned LDAP communication in Active Directory starting in March 2020.

ArcGIS Enterprise itself is not affected by this change as long as connections to Active Directory can be made using LDAPS (port 636). To meet this requirement, be sure that LDAPS is available on your Active Directory servers.


However, *if* your organization is using the Java Web Adaptor (which itself requires a J2EE server such as Tomcat, GlassFish, or WebLogic) and you're using web-tier authentication with Active Directory, then the J2EE application server must itself be configured to connect to the directory server using LDAPS.


Even if ArcGIS Enterprise is configured to use LDAP over plaintext port 389, it will still attempt to connect via LDAPS (port 636) first. Front-end application servers are unlikely to follow this pattern and will communicate with the directory server exactly as configured.
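
Because the application server uses the directory URL exactly as written, it is worth auditing its configuration for any URL that is not LDAPS. The following is an added example, not code from Esri or from this post: it assumes Tomcat with a `JNDIRealm` defined in `server.xml`, and the sample file and host names in it are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a Tomcat server.xml fragment with hypothetical host names.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.JNDIRealm"
               connectionURL="ldap://dc1.example.com:389"
               alternateURL="ldaps://dc2.example.com:636"
               userBase="ou=users,dc=example,dc=com"
               userSearch="(sAMAccountName={0})"/>
      </Realm>
      <Host name="localhost" appBase="webapps">
        <Realm className="org.apache.catalina.realm.JNDIRealm"
               connectionURL="ldaps://dc1.example.com:636"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""

URL_ATTRS = ("connectionURL", "alternateURL")  # JNDIRealm directory URL attributes


def audit_jndi_realms(server_xml: str):
    """Return (attribute, url, verdict) for every JNDIRealm directory URL."""
    findings = []
    for realm in ET.fromstring(server_xml).iter("Realm"):  # includes nested realms
        if not realm.get("className", "").endswith("JNDIRealm"):
            continue
        for attr in URL_ATTRS:
            url = realm.get(attr)
            if url is None:
                continue
            parts = urlsplit(url)
            if parts.scheme.lower() == "ldaps":
                verdict = "ok"
            else:
                verdict = f"not LDAPS: use ldaps://{parts.hostname}:636"
            findings.append((attr, url, verdict))
    return findings


if __name__ == "__main__":
    for attr, url, verdict in audit_jndi_realms(SAMPLE_SERVER_XML):
        print(f"{attr:14} {url:32} {verdict}")
```

Switching the URL to `ldaps://` also requires that the application server's JVM trusts the certificate presented by the domain controller.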