ArcGIS for Server: using users configured in AD
1. Overview
By default, ArcGIS Server manages users and roles in its built-in store, which keeps the information in files. ArcGIS Server can also take user and role information from a third party, such as the users and roles of an existing enterprise system. The enterprise user systems currently supported are LDAP and Windows AD. LDAP is a standard directory service protocol with open source and commercial implementations. Windows AD is also a directory service. When a third-party user system is used, ArcGIS Server can manage its users and roles in read-only mode only.
A third-party user system can supply both users and roles, or it can supply users only, with roles still kept in the built-in store provided by ArcGIS Server.
2. Configuring AD as the ArcGIS Server user store
2.1 Installation environment
ArcGIS for Server version: 10.2.2, installed with default settings on a machine that is not in a domain. After the installation is complete, the machine is joined to the domain.
Installing ArcGIS Server with a local account on a machine that is already in a domain should also be feasible, but this case was not tested.
Note: during testing, when the server machine had not been joined to the domain, a domain account could still access shared directories in the domain normally, but configuring the server to take its users from AD always reported a connection failure.
2.2 Configuring AD to supply users only
Log on to the ArcGIS for Server Manager site, open security settings, and modify configuration settings.
(1) Select AD as the user store; roles continue to use the default mode.
(2) Select Windows Domain.
(3) Enter the domain administrator account.
(4) ArcGIS Server has two authentication methods: ArcGIS Server token authentication and web server authentication, which correspond to GIS server tier authentication and web tier authentication. Web tier authentication requires the Web Adaptor. For simplicity, select GIS server tier authentication.
(5) After the settings are complete, open the user list to view the users read from Active Directory.
Note: only Hany and Xinli are custom users; the other users are default users on the Active Directory server. The krbtgt user does not appear among the AD users.
2.3 Configuring AD to supply both users and roles
Configuring ArcGIS Server to take both users and roles from Active Directory follows the same steps as above. After the configuration is complete, you can view the role information.
Note: the roles read by the server come from the domain local, global, and universal security groups under Builtin and Users in AD.
3. Other configuration considerations (from the help)
3.1 Configuring nested groups in AD
ArcGIS Server provides custom ASP.NET providers to support nested groups.
(1) Verify that the .NET Extension Support feature of ArcGIS Server is installed on the computer hosting the server. You can check this by starting the ArcGIS Server installer and reviewing the list of features selected for installation.
(2) Open the ArcGIS Server Administrator Directory.
(3) Select security > config > updateIdentityStore.
Under user store configuration, enter:
{
  "type": "ASP_NET",
  "class": "AGSMembershipProvider.AGSADMembershipProvider",
  "properties": {
    "adminUserPassword": "[User Password]",
    "adminUser": "[domain]\\[user name]"
  }
}
Under role store configuration, enter:
{
  "type": "ASP_NET",
  "class": "AGSMembershipProvider.AGSADRoleProvider",
  "properties": {
    "adminUserPassword": "[User Password]",
    "adminUser": "[domain]\\[user name]"
  }
}
(4) Click Update.
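The two store configurations from step (3), built and checked in Python before they are pasted into the form. This is an added example, not part of the original article or of Esri's code. The key and class spellings are assumed to follow Esri's casing, and the account name used with it is constructed.

```python
import json
import re

# Key and class spellings follow Esri's casing (assumption, see lead-in).
STORE_TYPE = "ASP_NET"
CLASSES = {
    "user": "AGSMembershipProvider.AGSADMembershipProvider",
    "role": "AGSMembershipProvider.AGSADRoleProvider",
}
# DOMAIN\user with exactly one backslash and no control characters.
ACCOUNT_RE = re.compile(r"^[^\\/@\s\x00-\x1f]+\\[^\\/@\x00-\x1f]+$")


def build_store_config(kind, account, password):
    """Return JSON text for the 'user' or 'role' store configuration."""
    if not ACCOUNT_RE.match(account):
        raise ValueError("account must be in DOMAIN\\user form")
    return json.dumps({
        "type": STORE_TYPE,
        "class": CLASSES[kind],
        "properties": {"adminUserPassword": password, "adminUser": account},
    }, indent=2)  # json.dumps writes the single backslash as \\


def lint_store_config(kind, text):
    """Return a list of problems in hand-edited store configuration JSON."""
    try:
        config = json.loads(text)
    except ValueError as exc:  # e.g. "DOM\svc": \s is not a JSON escape
        return ["not valid JSON: %s" % exc]
    if not isinstance(config, dict):
        return ["top level must be a JSON object"]
    problems = []
    if config.get("type") != STORE_TYPE:
        problems.append("type must be %s" % STORE_TYPE)
    if config.get("class") != CLASSES[kind]:
        problems.append("class must be %s" % CLASSES[kind])
    props = config.get("properties")
    if not isinstance(props, dict):
        return problems + ["properties object is missing"]
    # "DOM\backup" parses, but \b became a backspace: the name is now wrong.
    if not ACCOUNT_RE.match(str(props.get("adminUser", ""))):
        problems.append("adminUser is not DOMAIN\\user (check the backslash)")
    if not props.get("adminUserPassword"):
        problems.append("adminUserPassword is empty")
    return problems
```

Pass the password in from a prompt or a secret store rather than keeping it in a script, since the generated text contains it in clear.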
3.2 Preventing the account from logging on to the computer hosting AD
(1) Set the server to support nested groups in AD.
(2) Log on to the machine hosting AD and open the AD user information in Server Manager.
(3) Find the organizational unit that contains the domain account specified in the server security configuration and open the account's properties.
(4) In the account's Log On To setting, add the server's machine.
Note: with this setting, the account is allowed to access only the specified machine.