3.8.3.1. Adding User Directory

The following guideline describes how to add a new user directory in OPSWAT Central Management.

  1. In the User Directories menu, select ADD NEW USER DIRECTORY.

  2. In the General Information step, fill in the required information and select USER DIRECTORY SETTINGS to continue to the next step.

    • Name: The name of the new user directory.

    • User Directory Type: The type of user directory, either Local or Active Directory.

    • Enable this User directory: Tick this checkbox to immediately enable this directory for use after creation.

  3. The USER DIRECTORY SETTINGS step differs depending on the user directory type.

    1. For Local type user directory, modify the default settings as required and select ADD to finalize the new directory's creation.

      • Number of failed logins before lockout: Number of allowed login attempts in 1 minute. Setting it to 0 allows unlimited failed logins.

      • Lockout time (minutes): The length of the lockout period after a user reaches the maximum number of failed logins. Setting it to 0 allows unlimited failed logins regardless of the number of failed logins specified.

    2. For Active Directory type user directory, fill in the required information and select TEST CONNECTION to check connection to the Active Directory server. After the connection is verified, select ADD to finalize the new user directory's creation.

      • Server Host, Server Port: The address of the Active Directory server.

      • Encryption: The encryption type used by the Active Directory server (None, SSL, StartTLS).

      • User Base DN, Group Base DN: The point where OPSWAT Central Management searches for users and groups when adding new users and groups from Active Directory.

      • ADD NEW SERVER: Add an additional Active Directory server entry.

Adding multiple Active Directory servers under the same user directory requires that all these Active Directories share the same credentials.

Adding an encrypted user directory may require importing its certificate to OPSWAT Central Management's Java Runtime Environment keystore. Please follow the instructions below to add the certificate.

  1. Locate the root certificate file (.crt) for the user directory.

  2. From an elevated command-line interface, enter the command:

    "%JRE_HOME%\bin\keytool" -importcert -keystore "%JRE_HOME%\lib\security\cacerts" -storepass <password> -alias "<alias>" -file "<rootCA.crt path>"

    Example:

    "%JRE_HOME%\bin\keytool" -importcert -keystore "%JRE_HOME%\lib\security\cacerts" -storepass changeit -alias "ocmCA" -file "C:\Users\admin\Downloads\ocm.crt"

    The host machine should have the JRE_HOME environment variable already set so the command can work properly. Replace the following fields with the correct information.

    • <password>: The keystore's password.

    • <alias>: The certificate's alias.

    • <rootCA.crt path>: The path to the user directory's root certificate file.

  3. Restart OPSWAT Central Management for the changes to take effect.
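
The import procedure above, as an added PowerShell example (not part of the original OPSWAT documentation): it checks the root certificate's SHA-256 fingerprint and validity period before trusting it, backs up the keystore, imports the certificate and then lists the new entry. The certificate path and alias are taken from the page's example; the expected fingerprint is a placeholder to be replaced with a value obtained out of band from the directory's CA owner.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumptions: path and alias reuse the page's example values; the fingerprint is a placeholder.
$CertPath       = 'C:\Users\admin\Downloads\ocm.crt'
$Alias          = 'ocmCA'
$ExpectedSha256 = '<SHA-256 fingerprint obtained out of band>'

if (-not $env:JRE_HOME) { throw 'JRE_HOME is not set.' }
$Keytool  = Join-Path $env:JRE_HOME 'bin\keytool.exe'
$Keystore = Join-Path $env:JRE_HOME 'lib\security\cacerts'

# 1. Compute the SHA-256 fingerprint over the certificate's DER encoding
#    (works for both PEM and DER .crt files) and compare it to the expected value.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$sha  = [System.Security.Cryptography.SHA256]::Create()
$actual   = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[:\s]', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch for $($cert.Subject): got $actual. Certificate not imported."
}

# 2. Refuse a certificate that is not yet valid or has already expired.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 3. Back up the keystore so the change can be rolled back.
$Backup = "$Keystore.bak-$(Get-Date -Format yyyyMMddHHmmss)"
Copy-Item -Path $Keystore -Destination $Backup

# 4. Import the certificate. The password is prompted for rather than stored in the script.
#    -noprompt is acceptable here only because the fingerprint was verified in step 1.
$StorePass = Read-Host 'Keystore password'
& $Keytool -importcert -noprompt -keystore $Keystore -storepass $StorePass -alias $Alias -file $CertPath
if ($LASTEXITCODE -ne 0) { throw "keytool import failed; keystore backup is at $Backup" }

# 5. Confirm the entry exists and review the fingerprint keytool reports.
& $Keytool -list -v -keystore $Keystore -storepass $StorePass -alias $Alias
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' not found in keystore after import." }
```

After the script succeeds, restart OPSWAT Central Management as described in step 3.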