Update Identity Store

URL:: https://<root>/security/config/updateIdentityStore
Methods:: POST
Required Capability:: Access allowed with either the "Security and Infrastructure" or "Servers" privileges
Version Introduced:: 10.1

Description

The updateIdentityStore operation updates the location and properties for the user and role store in your ArcGIS Server site.

While the GIS server does not perform authentication when the authentication tier selected is WEB_ADAPTOR, it requires access to the role store for the administrator to assign privileges to the roles. This operation causes the SOAP and REST service endpoints to be redeployed (with the new configuration) on every server machine in the site, and therefore this operation must be used judiciously.

The table below describes the supported combinations for the user and role stores:

UserRoles	Built-in	Windows	LDAP
Built-in	Supported
Windows	Supported	Supported (same instance)
LDAP	Supported		Supported (same instance)

If your organization includes multiple LDAP servers, you can specify the additional servers using the failOverLDAPServers property. This allows you to configure your organization's highly-available LDAP with ArcGIS Server. When using the property, specify the LDAP server hostname followed by the server's port number. Separate this information with a colon (:), for example, hostname1:10636. To specify multiple LDAP servers, separate each server with a comma (,), for example, hostname1:10636,hostname2:10636.

Although both LDAP and LDAPS URLs are supported, LDAPS is highly recommended to ensure encrypted network traffic between the portal and LDAP server. If LDAPS is not available, an LDAP URL can be used but traffic will be sent in clear-text. Example usage for each are provided below.

Request parameters

Parameter Details

Parameter	Details
`userStoreConfig`	The JSON object representing the user store configuration.
`roleStoreConfig`	The JSON object representing the role store configuration.
`f`	The response format. The default response format is `html`. Values: `html` \| `json` \| `pjson`

userStoreConfig

The JSON object representing the user store configuration.

roleStoreConfig

The JSON object representing the role store configuration.

f

The response format. The default response format is html.

Values: html | json | pjson

Example usages

LDAPS (highly recommended)

The following is a sample POST request for the updateIdentityStore operation:

Use dark colors for code blocksCopy
POST /webadaptor/admin/security/config/updateIdentityStore HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

userStoreConfig={
  "type": "LDAP",
  "properties": {
    "userPassword": "secret",
    "isPasswordEncrypted": "false",
    "user": "uid=admin,ou=system",
    "userFullnameAttribute": "displayName",
    "userGivenNameAttribute": "givenName",
    "userSurnameAttribute": "sn",
    "ldapURLForUsers": "ldaps://ldapserver:10636/ou=users,ou=ags,dc=example,dc=com",
    "userEmailAttribute": "mail",
    "usernameAttribute": "uid",
    "caseSensitive": "false",
    "userSearchAttribute": "dn",
  }
}&roleStoreConfig={
  "type": "LDAP",
  "properties": {
    "ldapURLForRoles": "ldaps://xxx:10636/ou=roles,ou=ags,dc=example,dc=com",
    "adminUserPassword": "aaa",
    "adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
    "memberAttributeInRoles": "uniquemember",
    "ldapURLForUsers": "ldaps://xxx:10636/ou=users,ou=ags,dc=example,dc=com",
    "rolenameAttribute": "cn",
    "usernameAttribute": "cn",
    "failOverLDAPServers": "hostname1:10636,hostname2:10636"
  }
}&f=pjson

LDAP

The following is a sample POST request for the updateIdentityStore operation:

Use dark colors for code blocksCopy
POST /webadaptor/admin/security/config/updateIdentitytStore HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

userStoreConfig={
  "type": "LDAP",
  "properties": {
    "userPassword": "secret",
    "isPasswordEncrypted": "false",
    "user": "uid=admin,ou=system",
    "userFullnameAttribute": "displayName",
    "userGivenNameAttribute": "givenName",
    "userSurnameAttribute": "sn",
    "ldapURLForUsers": "ldap://ldapserver:10636/ou=users,ou=ags,dc=example,dc=com",
    "userEmailAttribute": "mail",
    "usernameAttribute": "uid",
    "caseSensitive": "false",
    "userSearchAttribute": "dn",
  }
}&roleStoreConfig={
  "type": "LDAP",
  "properties": {
    "ldapURLForRoles": "ldap://xxx:10389/ou=roles,ou=ags,dc=example,dc=com",
    "adminUserPassword": "aaa",
    "adminUser": "CN=aaa,ou=users,ou=ags,dc=example,dc=com",
    "memberAttributeInRoles": "uniquemember",
    "ldapURLForUsers": "ldap://xxx:10389/ou=users,ou=ags,dc=example,dc=com",
    "rolenameAttribute": "cn",
    "usernameAttribute": "cn",
    "failOverLDAPServers": "hostname1:10389,hostname2:10389"
  }
}&f=pjson

JSON Response example

Use dark colors for code blocksCopy
{"status": "success"}