Configuring a highly available LDAP with ArcGIS Server

When you configure ArcGIS Server with your organization's LDAP (Lightweight Directory Access Protocol) identity store, you can specify only one LDAP server in ArcGIS Server Manager. If your organization has multiple LDAP servers, you can specify the additional servers using the ArcGIS Server Administrator Directory. This allows you to configure your organization's highly available LDAP with ArcGIS Server.

Before proceeding, configure ArcGIS Server with one of your organization's LDAP servers. For more information, see Configuring ArcGIS Server security. To configure your organization's highly available LDAP with ArcGIS Server, follow the steps below.

  1. Log in to the ArcGIS Server Administrator Directory with an account that has administrator access to your site. The URL is typically available at http://gisserver.domain.com:6080/arcgis/admin.
  2. Click security > config > updateIdentityStore.
  3. In the user and role store configuration input boxes, add the failOverLDAPServers property to the JSON, for example:

    User store configuration JSON:

    {
      "type": "LDAP",
      "properties": {
        "adminUserPassword": "aaa",
        "adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
        "ldapURLForUsers": "ldap://xxx:10389/ou=users,ou=ags,dc=example,dc=com",
        "usernameAttribute": "cn",
        "failOverLDAPServers": "hostname1:10389,hostname2:10389"
      }
    }

    Role store configuration JSON:

    {
      "type": "LDAP",
      "properties": {
        "ldapURLForRoles": "ldap://xxx:10389/ou=roles,ou=ags,dc=example,dc=com",
        "adminUserPassword": "aaa",
        "adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
        "memberAttributeInRoles": "uniquemember",
        "ldapURLForUsers": "ldap://xxx:10389/ou=users,ou=ags,dc=example,dc=com",
        "rolenameAttribute": "cn",
        "usernameAttribute": "cn",
        "failOverLDAPServers": "hostname1:10389,hostname2:10389"
      }
    }
  4. Specify the LDAP server hostname followed by the server's port number. Separate this information with a colon (:), for example, hostname1:10389. To specify multiple LDAP servers, separate each server with a comma (,), for example, hostname1:10389,hostname2:10389.
  5. Reenter the adminUserPassword for the user and role store.
  6. Click Update.

ArcGIS Server is now configured with your organization's highly available LDAP.
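
A pre-submit check for the JSON from step 3 and the hostname:port list format from step 4, as an added example that is not Esri code. The function names, the strict rejection of whitespace and URL schemes, and the requirement that both stores list the same failover servers are assumptions of this example.

```python
import json
import re

# One DNS label or dotted name; no scheme, path or whitespace allowed.
_HOST = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")


def parse_failover(value):
    """Split a failOverLDAPServers string into (host, port) tuples."""
    servers = []
    for entry in value.split(","):
        host, sep, port = entry.partition(":")
        if not sep or not _HOST.fullmatch(host):
            raise ValueError(f"bad entry {entry!r}: expected hostname:port")
        if not (port.isascii() and port.isdigit()) or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad port in {entry!r}")
        servers.append((host, int(port)))
    if len(set(servers)) != len(servers):
        raise ValueError("duplicate failover server")
    return servers


def check_stores(user_json, role_json):
    """Validate both store configurations and return the shared failover list."""
    parsed = []
    for name, text in (("user", user_json), ("role", role_json)):
        props = json.loads(text)["properties"]
        if "failOverLDAPServers" not in props:
            raise ValueError(f"{name} store has no failOverLDAPServers")
        parsed.append(parse_failover(props["failOverLDAPServers"]))
    # Example policy (assumption): both stores should fail over to the same servers.
    if parsed[0] != parsed[1]:
        raise ValueError("user and role stores list different failover servers")
    return parsed[0]


# Constructed sample input, trimmed from the JSON shown in step 3.
USER_STORE = '{"type": "LDAP", "properties": {"usernameAttribute": "cn", "failOverLDAPServers": "hostname1:10389,hostname2:10389"}}'
ROLE_STORE = '{"type": "LDAP", "properties": {"rolenameAttribute": "cn", "failOverLDAPServers": "hostname1:10389,hostname2:10389"}}'

if __name__ == "__main__":
    print(check_stores(USER_STORE, ROLE_STORE))
```

Run it against the two JSON documents before pasting them into updateIdentityStore; a ValueError names the entry that does not match the hostname:port format.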