User Store

The user store or the identity store is a repository of user accounts and credentials. ArcGIS Server connects to the user store to authenticate a user requesting access to a resource.

In addition to connecting to your enterprise user store such as Windows Domain or any other directory service that supports an LDAP interface, ArcGIS Server also ships with a built-in storage mechanism where you can create your user accounts.

ArcGIS Server requires you to configure a user store while setting up security on your site.

User store properties

LDAP

Property | Details

ldapURLForUsers

The LDAP URL pointing to the user accounts.

Example
"ldapURLForUsers": "ldap://server:389/dc=mydomain,dc=com???(|(objectClass=userProxy)(objectClass=user))?"

memberOfAttributeInUsers

The attribute of the user entry that contains role information.

Example
"memberOfAttributeInUsers": "memberOf"

usernameAttribute

The attribute of the user entry that is to be treated as the username.

Example
"usernameAttribute": "name"

adminUser

The administrative account to the LDAP that has at least read access.

Example
"adminUser": "cn=admin,cn=users,dc=mydomain,dc=com"

adminUserPassword

The credentials for the administrative account.

Example
"adminUserPassword": "secret"

Windows

Property | Details

adminUser

The administrative account to the LDAP that has at least read access.

Example
"adminUser": "cn=admin,cn=users,dc=mydomain,dc=com"

adminUserPassword

The credentials for the administrative account.

Example
"adminUserPassword": "secret"

useSSLOnly

This property applies to the Windows Active Directory only. It enforces encrypted communication between ArcGIS Server and Active Directory. When the property is set to true, if encrypted communication fails, ArcGIS Server does not attempt to communicate without encryption. This property is set to false by default.

Values: true | false

Custom

Properties | Details

class

The fully qualified name of the Java class that implements custom access to the user store.

Example
"class": "com.myorg.userstore.DBUserStore"

...

Any custom properties that are required by your class.

User store syntax

{
  "type": "<BUILTIN | WINDOWS | LDAP | CUSTOM>",
  "properties": "<properties>"
}

User store examples

The JSON representation of a connection to LDAP:

{
  "type": "LDAP",
  "properties": {
    "userPassword": "secret",
    "isPasswordEncrypted": "false",
    "user": "uid=admin,ou=system",
    "userFullnameAttribute": "displayName",
    "userGivenNameAttribute": "givenName",
    "userSurnameAttribute": "sn",
    "ldapURLForUsers": "ldap://ldapserver:10636/ou=users,ou=ags,dc=example,dc=com",
    "userEmailAttribute": "mail",
    "usernameAttribute": "uid",
    "caseSensitive": "false",
    "userSearchAttribute": "dn"
  }
}

The JSON representation of a connection to Windows Domain users:

{
  "type": "WINDOWS",
  "properties": {
    "userPassword": "secret",
    "isPasswordEncrypted": "false",
    "user": "mydomain\\winaccount",
    "userFullnameAttribute": "displayName",
    "userEmailAttribute": "mail",
    "userGivenNameAttribute": "givenName",
    "userSurnameAttribute": "sn",
    "caseSensitive": "false"
  }
}
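
The following Python check is an added example, not part of the ArcGIS documentation or Esri's code: it reviews a user store JSON document for the transport and credential settings described on this page. It assumes LDAP over TLS is requested with the ldaps:// URL scheme and that isPasswordEncrypted set to false means the password value is clear text; the function names and sample documents are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample documents modelled on the examples above (not real configs).
SAMPLE_LDAP = r'''{"type": "LDAP", "properties": {
  "userPassword": "secret", "isPasswordEncrypted": "false",
  "user": "uid=admin,ou=system", "usernameAttribute": "uid",
  "ldapURLForUsers": "ldap://ldapserver:10636/ou=users,ou=ags,dc=example,dc=com"}}'''
SAMPLE_WINDOWS = r'''{"type": "WINDOWS", "properties": {
  "userPassword": "secret", "isPasswordEncrypted": "false",
  "user": "mydomain\\winaccount"}}'''

KNOWN_TYPES = {"BUILTIN", "WINDOWS", "LDAP", "CUSTOM"}
PASSWORD_KEYS = ("userPassword", "adminUserPassword")


def is_true(value):
    """Accept JSON booleans and the string booleans used in the page's examples."""
    return str(value).strip().lower() == "true"


def audit_user_store(doc):
    """Return a list of findings for one user store JSON document (a string)."""
    store = json.loads(doc)
    kind = str(store.get("type", "")).upper()
    props = store.get("properties")
    props = props if isinstance(props, dict) else {}
    findings = []
    if kind not in KNOWN_TYPES:
        findings.append(f"type {kind!r} is not BUILTIN, WINDOWS, LDAP or CUSTOM")
    if kind == "LDAP":
        # Assumption: LDAP over TLS is requested with the ldaps:// URL scheme.
        scheme = urlsplit(str(props.get("ldapURLForUsers", ""))).scheme.lower()
        if scheme != "ldaps":
            findings.append(f"ldapURLForUsers uses scheme {scheme!r}, not 'ldaps'")
    if kind == "WINDOWS" and not is_true(props.get("useSSLOnly", "false")):
        # The page states useSSLOnly defaults to false when omitted.
        findings.append("useSSLOnly is not true: encryption to Active Directory is not enforced")
    for key in PASSWORD_KEYS:
        # Assumption: isPasswordEncrypted=false means the value is clear text.
        if props.get(key) and not is_true(props.get("isPasswordEncrypted", "false")):
            findings.append(f"{key} is set while isPasswordEncrypted is not true")
    return findings


if __name__ == "__main__":
    for name, doc in (("LDAP", SAMPLE_LDAP), ("WINDOWS", SAMPLE_WINDOWS)):
        for finding in audit_user_store(doc):
            print(f"{name}: {finding}")
```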
