Update Identity Store

Description

Updates the location and properties for the user and role store in your ArcGIS Server site.

While the GIS server does not perform authentication when the authentication tier selected is WEB_ADAPTOR, it requires access to the role store for the administrator to assign privileges to the roles. This operation causes the SOAP and REST service endpoints to be redeployed (with the new configuration) on every server machine in the site, and therefore this operation must be used judiciously.

The table below describes the supported combinations for the user and role stores:

| User\Roles | Built-in | Windows | LDAP |
|---|---|---|---|
| Built-in | Supported | | |
| Windows | Supported | Supported (same instance) | |
| LDAP | Supported | | Supported (same instance) |

If your organization includes multiple LDAP servers, you can specify the additional servers using the failOverLDAPServers property. This allows you to configure your organization's highly available LDAP with ArcGIS Server. When using the property, specify the LDAP server hostname followed by the server's port number, separated by a colon (:), for example, hostname1:10636. To specify multiple LDAP servers, separate each server with a comma (,), for example, hostname1:10636,hostname2:10636.

Although both LDAP and LDAPS URLs are supported, LDAPS is highly recommended to ensure encrypted network traffic between the portal and LDAP server. If LDAPS is not available, an LDAP URL can be used, but traffic will be sent in cleartext. Example usage for each is provided below.

Note:

If you're specifying the failOverLDAPServers property after you initially configured the identity store, you'll need to re-enter the adminUserPassword for both the user and role store.

Request Parameters

| Parameter | Details |
|---|---|
| userStoreConfig | Description: The JSON object representing the user store configuration. |
| roleStoreConfig | Description: The JSON object representing the role store configuration. |
| f | Description: The response format. The default response format is html. Values: html \| json |

Example Usage - LDAPS (highly recommended)

https://server:port/arcgis/admin/security/config/updateIdentityStore
userStoreConfig={
  "type": "LDAP",
  "properties": {
    "adminUserPassword": "aaa",
    "adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
    "ldapURLForUsers": "ldaps://xxx:10636/ou=users,ou=ags,dc=example,dc=com",
    "usernameAttribute": "cn",
    "failOverLDAPServers": "hostname1:10636,hostname2:10636"
  }
}

https://server:port/arcgis/admin/security/config/updateIdentityStore
roleStoreConfig={
  "type": "LDAP",
  "properties": {
    "ldapURLForRoles": "ldaps://xxx:10636/ou=roles,ou=ags,dc=example,dc=com",
    "adminUserPassword": "aaa",
    "adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
    "memberAttributeInRoles": "uniquemember",
    "ldapURLForUsers": "ldaps://xxx:10636/ou=users,ou=ags,dc=example,dc=com",
    "rolenameAttribute": "cn",
    "usernameAttribute": "cn",
    "failOverLDAPServers": "hostname1:10636,hostname2:10636"
  }
}

Example Usage - LDAP

http://server:port/arcgis/admin/security/config/updateIdentityStore
userStoreConfig={
  "type": "LDAP",
  "properties": {
    "adminUserPassword": "aaa",
    "adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
    "ldapURLForUsers": "ldap://xxx:10389/ou=users,ou=ags,dc=example,dc=com",
    "usernameAttribute": "cn",
    "failOverLDAPServers": "hostname1:10389,hostname2:10389"
  }
}

http://server:port/arcgis/admin/security/config/updateIdentityStore
roleStoreConfig={
  "type": "LDAP",
  "properties": {
    "ldapURLForRoles": "ldap://xxx:10389/ou=roles,ou=ags,dc=example,dc=com",
    "adminUserPassword": "aaa",
    "adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
    "memberAttributeInRoles": "uniquemember",
    "ldapURLForUsers": "ldap://xxx:10389/ou=users,ou=ags,dc=example,dc=com",
    "rolenameAttribute": "cn",
    "usernameAttribute": "cn",
    "failOverLDAPServers": "hostname1:10389,hostname2:10389"
  }
}
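
A pre-submission check for the two configuration objects, added here as an example and not Esri's own code: it flags ldap:// URLs, malformed failOverLDAPServers entries, and a missing adminUserPassword when failOverLDAPServers is set, then builds the form-encoded request body. The function names and sample values are assumptions; sending the request and authenticating to the admin API are left out.

```python
import json
import re
from urllib.parse import urlencode, urlsplit

URL_KEYS = ("ldapURLForUsers", "ldapURLForRoles")
ENTRY = re.compile(r"[^\s,:]+:([0-9]{1,5})")  # hostname:port, as documented

def check_store(name, cfg):
    """Return findings for one store config; an empty list means it passed."""
    if cfg.get("type") != "LDAP":
        return []  # only LDAP stores carry the properties checked here
    props, findings = cfg.get("properties", {}), []
    for key in URL_KEYS:
        if key in props and urlsplit(props[key]).scheme.lower() != "ldaps":
            findings.append(f"{name}.{key}: not ldaps://, sent in cleartext")
    if (failover := props.get("failOverLDAPServers")) is not None:
        for entry in failover.split(","):  # comma-separated list
            m = ENTRY.fullmatch(entry.strip())
            if not m or not 0 < int(m.group(1)) < 65536:
                findings.append(f"{name}.failOverLDAPServers: bad entry {entry!r}")
        # Per the page's note, the password must be supplied with this property.
        if not props.get("adminUserPassword"):
            findings.append(f"{name}: adminUserPassword missing")
    return findings

def build_body(user_store, role_store):
    """Return the form-encoded body, or raise ValueError listing every finding."""
    findings = (check_store("userStoreConfig", user_store)
                + check_store("roleStoreConfig", role_store))
    if findings:
        raise ValueError("; ".join(findings))
    return urlencode({"userStoreConfig": json.dumps(user_store),
                      "roleStoreConfig": json.dumps(role_store), "f": "json"})

# Constructed sample input modelled on the page's examples (placeholder values).
BASE = "ou=ags,dc=example,dc=com"
USER_STORE = {"type": "LDAP", "properties": {
    "adminUser": f"CN=aaa,ou=users,{BASE}", "adminUserPassword": "aaa",
    "ldapURLForUsers": f"ldaps://xxx:10636/ou=users,{BASE}",
    "usernameAttribute": "cn",
    "failOverLDAPServers": "hostname1:10636,hostname2:10636"}}
ROLE_STORE = {"type": "LDAP", "properties": {
    **USER_STORE["properties"],
    "ldapURLForRoles": f"ldap://xxx:10389/ou=roles,{BASE}",  # cleartext
    "memberAttributeInRoles": "uniquemember", "rolenameAttribute": "cn",
    "failOverLDAPServers": "hostname1:10636,hostname2"}}  # port missing

if __name__ == "__main__":
    print(check_store("roleStoreConfig", ROLE_STORE))
```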

7/27/2017