I just installed a vanilla instance of ArcGIS Server 10.3.1 on Windows 2008. From the manager webapp I opened Security -> Settings, then configured the server to use:
User Store: LDAP
Role Store: LDAP
Authentication Tier: Web
Authentication Mode: Web
Then I opened Security -> Roles and clicked the edit icon next to the role I want to use as administrator. I get the expected message:
Role information is being managed externally in your enterprise's LDAP server. As a result, this information cannot be modified in Manager. Only the 'Role Type' attribute, which is managed by ArcGIS Server, can be modified.
I click the radio button to set Role Type to Administrator and click Save. After working on it for 30 seconds or so, this message is displayed:
Another administrative operation is currently accessing the store. Please try again later.
I have tried everything I can think of from trying again later, to a full uninstall/reinstall of ArcGIS server… Any suggestions as to what could be causing this?
— UPDATE —
I tried following this process on a brand new Windows 2012 VM. Same problem… The headache continues…
— UPDATE 2 —
I uninstalled everything and this time installed 10.4 following the same instructions. Now when I try to set the Role Type, I get a much more informative error:
Illegal char <|> at index 52: C:\arcgisserver\config-store\/security/roles\global |-| global arcgis administrators.json\
It looks like ArcGIS LDAP integration does not support all valid names. I can't really see a way around this other than:
- File a report with ESRI
- Replicate group to another one with a name not including an
|character.
ARGH!
— Update 3 —
For ESRI, the role name is Global |-| Global ArcGIS Administrators
Best Answer
While this doesn't help my situation, the answer is, ArcGIS Server does not support all the same characters in Role names as LDAP does. Hence, having a role with
|in the name, will cause the edit operation to fail with the ever-so-useful error: