User Store

The user store, also called the identity store, is a repository of user accounts and credentials. ArcGIS Server connects to the user store to authenticate a user requesting access to a resource.

ArcGIS Server can connect to your enterprise user store, such as Windows Domain or any other directory service that supports an LDAP interface. It also ships with a built-in storage mechanism in which you can create your user accounts.

ArcGIS Server requires you to configure a user store while setting up security on your site. The user store configuration is represented in JSON format as follows:

{
    "type": "<BUILTIN | WINDOWS | LDAP | CUSTOM>",
    "properties": "<properties>"
}

Response Properties

BUILTIN Properties

Details

n/a

Description: n/a

LDAP Properties

Details

ldapURLForUsers

Description: The LDAP URL pointing to the user accounts.

Example: ldap://server:389/dc=mydomain,dc=com???(|(objectClass=userProxy)(objectClass=user))?

memberOfAttributeInUsers

Description: The attribute of the user entry that contains role information.

Example: memberOf

usernameAttribute

Description: The attribute of the user entry that is to be treated as the username.

Example: name

adminUser

Description: The administrative account for the LDAP, which must have at least read access.

Example: cn=admin,cn=users,dc=mydomain,dc=com

adminUserPassword

Description: The credentials for the administrative account.

Example: secret

WINDOWS Properties

Details

adminUser

Description: The administrative account for the LDAP, which must have at least read access.

Example: cn=admin,cn=users,dc=mydomain,dc=com

adminUserPassword

Description: The credentials for the administrative account.

Example: secret

CUSTOM Properties

Details

class

Description: The fully qualified name of the Java class that implements custom access to the user store.

Example: com.myorg.userstore.DBUserStore

...

Description: Any custom properties that are required by your class.

Example Usage

The JSON representation of a connection to LDAP:

{
    "type": "LDAP",
    "properties": {
        "ldapURLForUsers": "ldap://server:389/dc=mydomain,dc=com???(|(objectClass=user))?",
        "memberOfAttributeInUsers": "memberOf",
        "usernameAttribute": "name",
        "adminUser": "cn=admin,cn=users,dc=mydomain,dc=com",
        "adminUserPassword": "secret"
    }
}

The JSON representation of a connection to Windows Domain users:

{
    "type": "WINDOWS",
    "properties": {
        "adminUser": "ourdomain\\myreadonlyaccount",
        "adminUserPassword": "secret"
    }
}
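
The following is an added example, not part of the original documentation or of ArcGIS Server: a pre-deployment check that parses a user store configuration, splits ldapURLForUsers into its base DN and search filter, and reports missing properties, a URL scheme other than ldaps, and placeholder passwords. The function names, the finding strings and the placeholder password list are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit, unquote

# Required "properties" keys per type, taken from the property tables on this page.
REQUIRED = {
    "BUILTIN": set(),
    "WINDOWS": {"adminUser", "adminUserPassword"},
    "CUSTOM": {"class"},
    "LDAP": {"ldapURLForUsers", "memberOfAttributeInUsers", "usernameAttribute",
             "adminUser", "adminUserPassword"},
}
# Constructed list of placeholder passwords; "secret" is the page's sample value.
PLACEHOLDERS = {"", "secret", "password", "changeme"}

def parse_ldap_url(url):
    """Split scheme://host:port/baseDN?attributes?scope?filter?extensions."""
    parts = urlsplit(url)
    fields = (parts.query.split("?") + [""] * 4)[:4]  # pad absent trailing fields
    return {"scheme": parts.scheme, "host": parts.hostname, "port": parts.port,
            "base_dn": unquote(parts.path.lstrip("/")),
            "attributes": fields[0], "scope": fields[1],
            "filter": unquote(fields[2]), "extensions": fields[3]}

def audit_user_store(config_text):
    """Return a list of findings for one user store configuration document."""
    cfg = json.loads(config_text)
    kind, props = cfg.get("type"), cfg.get("properties") or {}
    if not isinstance(kind, str) or kind not in REQUIRED or not isinstance(props, dict):
        return [f"unsupported type or properties: {kind!r}"]
    findings = [f"missing property: {k}" for k in sorted(REQUIRED[kind] - set(props))]
    if kind == "LDAP" and "ldapURLForUsers" in props:
        url = parse_ldap_url(props["ldapURLForUsers"])
        if url["scheme"] != "ldaps":  # ldap:// alone does not indicate TLS
            findings.append("ldapURLForUsers scheme is not ldaps")
        if not url["base_dn"]:
            findings.append("ldapURLForUsers has no base DN")
        if not url["filter"]:
            findings.append("ldapURLForUsers has no search filter")
    if props.get("adminUserPassword", None) in PLACEHOLDERS:
        findings.append("adminUserPassword is a placeholder value")
    return findings

# The page's LDAP example, reproduced as sample input.
PAGE_LDAP_EXAMPLE = json.dumps({"type": "LDAP", "properties": {
    "ldapURLForUsers": "ldap://server:389/dc=mydomain,dc=com???(|(objectClass=user))?",
    "memberOfAttributeInUsers": "memberOf", "usernameAttribute": "name",
    "adminUser": "cn=admin,cn=users,dc=mydomain,dc=com", "adminUserPassword": "secret"}})

if __name__ == "__main__":
    print("\n".join(audit_user_store(PAGE_LDAP_EXAMPLE)))
```

Run against the page's LDAP example, the check reports the ldap scheme and the sample password; the configuration file itself holds the bind password in clear text, so it belongs under the same access controls as any other credential store.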

9/13/2017