- URL:https://<config-url>/updateIdentityStore
(POST only)
- Required Capability:Default administrator role | Security and Infrastructure | Servers
- Version Introduced:10.1
Description
This operation updates the location and properties for the user and role store in your ArcGIS Server site.
While the GIS server does not perform authentication when the authentication tier selected is WEB_ADAPTOR, it requires access to the role store for the administrator to assign privileges to the roles. This operation causes the SOAP and REST service endpoints to be redeployed (with the new configuration) on every server machine in the site, and therefore this operation must be used judiciously.
The table below describes the supported combinations for the user and role stores:
User\Roles | Built-in | Windows | LDAP |
---|---|---|---|
Built-in | Supported | ||
Windows | Supported | Supported (same instance) | |
LDAP | Supported | Supported (same instance) |
If your organization includes multiple LDAP servers, you can specify the additional servers using the failOverLDAPServers property. This allows you to configure your organization's highly-available LDAP with ArcGIS Server. When using the property, specify the LDAP server hostname followed by the server's port number. Separate this information with a colon (:), for example, hostname1:10636. To specify multiple LDAP servers, separate each server with a comma (,), for example, hostname1:10636,hostname2:10636.
Although both LDAP and LDAPS URLs are supported, LDAPS is highly recommended to ensure encrypted network traffic between the portal and LDAP server. If LDAPS is not available, an LDAP URL can be used but traffic will be sent in clear-text. Example usage for each are provided below.
Note:
If you're specifying the failOverLDAPServers property after you initially configured the identity store, you'll need to re-enter the adminUserPassword for both the user and role store.
Request parameters
Parameter | Details |
---|---|
userStoreConfig | The JSON object representing the user store configuration. |
roleStoreConfig | The JSON object representing the role store configuration. |
f | The response format. The default response format is html. Values: html | json| pjson |
Example usage
LDAPS (highly recommended)
Below is a sample POST request for updateIdentityStore, formatted for readability:
POST /webadaptor/admin/security/config/updateIdentityStore HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []
userStoreConfig={
"type": "LDAP",
"properties": {
"userPassword": "secret",
"isPasswordEncrypted": "false",
"user": "uid=admin,ou=system",
"userFullnameAttribute": "displayName",
"userGivenNameAttribute": "givenName",
"userSurnameAttribute": "sn",
"ldapURLForUsers": "ldaps://ldapserver:10636/ou=users,ou=ags,dc=example,dc=com",
"userEmailAttribute": "mail",
"usernameAttribute": "uid",
"caseSensitive": "false",
"userSearchAttribute": "dn",
}
}&roleStoreConfig={
"type": "LDAP",
"properties": {
"ldapURLForRoles": "ldaps://xxx:10636/ou=roles,ou=ags,dc=example,dc=com",
"adminUserPassword": "aaa",
"adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
"memberAttributeInRoles": "uniquemember",
"ldapURLForUsers": "ldaps://xxx:10636/ou=users,ou=ags,dc=example,dc=com",
"rolenameAttribute": "cn",
"usernameAttribute": "cn",
"failOverLDAPServers": "hostname1:10636,hostname2:10636"
}
}&f=json
LDAP
Below is a sample POST request for updateIdentityStore, formatted for readability:
POST /webadaptor/admin/security/config/updateIdentitytStore HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []
userStoreConfig={
"type": "LDAP",
"properties": {
"userPassword": "secret",
"isPasswordEncrypted": "false",
"user": "uid=admin,ou=system",
"userFullnameAttribute": "displayName",
"userGivenNameAttribute": "givenName",
"userSurnameAttribute": "sn",
"ldapURLForUsers": "ldap://ldapserver:10636/ou=users,ou=ags,dc=example,dc=com",
"userEmailAttribute": "mail",
"usernameAttribute": "uid",
"caseSensitive": "false",
"userSearchAttribute": "dn",
}
}&roleStoreConfig={
"type": "LDAP",
"properties": {
"ldapURLForRoles": "ldap://xxx:10389/ou=roles,ou=ags,dc=example,dc=com",
"adminUserPassword": "aaa",
"adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
"memberAttributeInRoles": "uniquemember",
"ldapURLForUsers": "ldap://xxx:10389/ou=users,ou=ags,dc=example,dc=com",
"rolenameAttribute": "cn",
"usernameAttribute": "cn",
"failOverLDAPServers": "hostname1:10389,hostname2:10389"
}
}&f=json
JSON Response example
{"status": "success"}