Using AD but unable to get user's "real name" in their Portal for ArcGIS profiles

LoriSemmes · ‎11-14-2013

We found documentation on Portal (see below) for getting a personâ??s â??real nameâ?? vs. their id in their Portal for ArcGIS profiles. However after verifying with our Active Directory team and checking the configuration file in Portal it appears to already be set in the way that would theoretically work â?? however we are only getting the userâ??s ID. Anybody else see this before?

In the Portal documentation to use a personâ??s â??real nameâ?� (such as Jane Doe), there is a reference to the portal-config.properties file in /arcgisportal/arcgis/portal/etc on our portal server.
1. Alter the IDP settings to use Windows Active Directory.
a. Keep the idp.type set to WINDOWS.
b. Set the idp.ad.user to the Windows Active Directory account login that has read access to the domain.
Note:
If the account name or password contains dot (.), comma (,), or backslash (\) characters, you must place a backslash in front of each character. The backslash serves as an escape character.
c. Set the idp.ad.userpassword to the password for the Windows Active Directory account password.
d. Set the idp.ad.user.fullnameattribute to the Active Directory attribute that contains people's real name, such as Jane Doe. This value is used to correctly populate people's full names in their Portal for ArcGIS profiles. This must be provided by your administrator.
e. Set the idp.ad.user.emailattribute to the Active Directory attribute that contains people's email addresses. This is used in people's profiles. This differs from organization to organization; therefore, this must be provided by your Active Directory administrator. If this is not provided, Portal accounts will still work, but personal profiles will not contain email addresses.
f. Verify that the idp.userpassword.encrypted property is set to false.
The properties will look similar to the following after you make your changes:
idp.type=WINDOWS
idp.ad.user=mydomain\\readaccount
idp.ad.userpassword=Abcd1234
idp.ad.user.fullnameattribute=cn
idp.ad.user.emailattribute=mail
idp.userpassword.encrypted=false

JacobBoyle · ‎11-15-2013

You should check with your IT department and confirm the real name field in AD is CN.

LoriSemmes · ‎11-15-2013

Yes we verified that cn should be returning the full name according to our active directory configuration.

WilliamCraft · ‎12-11-2013

I experienced the same behavior... to verify this even past what our IT department provided, I used JXplorer (a free tool which allows you to browse your internal LDAP / AD configuration) to see what the full name attribute is as opposed to the user ID. Sure enough, it was what IT provided... but for whatever reason, altering the value in the properties file and restarting the Portal service does not change the behavior. I could only ever get the ID to appear, not the full name attribute.