4.2.3.1. Adding User Directory

The following guideline describes how to add a new user directory in OPSWAT Central Management.

  1. In the User Directories menu, select ADD NEW USER DIRECTORY.

  2. In the General Information step, fill in the required information and select USER DIRECTORY SETTINGS to continue to the next step.

    • Name: The name of the new user directory.

    • User Directory Type: The type of user directory, either Local or Active Directory.

    • Enable this User directory: Tick this checkbox to immediately enable this directory for use after creation.

  3. The USER DIRECTORY SETTINGS step differs depending on the user directory type.

    1. For Local type user directory, modify the default settings as required and select ADD to finalize the new directory's creation.

      • Number of failed logins before lockout: Number of allowed login attempts in 1 minute. Setting it to 0 allows unlimited failed logins.

      • Lockout time (minutes): The length of the lockout period after a user reaches the maximum number of failed logins. Setting it to 0 allows unlimited failed logins regardless of the number of failed logins specified.

    2. For Active Directory type user directory, fill in the required information and select TEST CONNECTION to check connection to the Active Directory server. After the connection is verified, select ADD to finalize the new user directory's creation.

      • Server Host, Server Port: The address of the Active Directory server.

      • Encryption: The encryption type used by the Active Directory server (None, SSL, StartTLS).

      • User Base DN, Group Base DN: The point where OPSWAT Central Management searches for users and groups when adding new users and groups from Active Directories.

      • ADD NEW SERVER: Add an additional Active Directory server entry.

Adding multiple Active Directory servers under the same user directory requires that all these Active Directories share the same credentials.

Users under a user-defined user directory should log in as described in "How do I login to OPSWAT Central Management".

Adding an encrypted user directory may require importing its certificate to OPSWAT Central Management's Java Runtime Environment keystore. Please follow the instructions below to add the certificate.

  1. Locate the root certificate file (.crt) for the product instance.

  2. From an elevated command-line interface, enter the command:

    1. For Windows:

      "<Java path>\bin\keytool" -importcert -keystore "<Java path>\lib\security\cacerts" -storepass <password> -alias "<alias>" -file "<rootCA.crt path>"

      Example:

      "C:\Program Files\Java\jre1.8.0_261\bin\keytool" -importcert -keystore "C:\Program Files\Java\jre1.8.0_261\lib\security\cacerts" -storepass changeit -alias "ocmCA" -file "C:\Users\admin\Downloads\ocm.crt"

    2. For RHEL/Ubuntu:

      "<Java path>/bin/keytool" -importcert -keystore "<Java path>/lib/security/cacerts" -storepass <password> -alias "<alias>" -file "<rootCA.crt path>"

      Example:

      "/usr/share/jre1.8.0_261/bin/keytool" -importcert -keystore "/usr/share/jre1.8.0_261/lib/security/cacerts" -storepass changeit -alias "ocmCA" -file "/etc/somewhere/ocm.crt"

    • <Java path>: The path of the Java installation that OPSWAT Central Management is using. Note that for a JDK, on certain distributions the cacerts file is located at <JDK path>/jre/lib/security/cacerts instead.

    • <password>: The keystore's password.

    • <alias>: The certificate's alias.

    • <rootCA.crt path>: The path to the product instance's root certificate file.

  3. Restart OPSWAT Central Management for the changes to take effect.
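
One way to script the certificate import steps above on RHEL/Ubuntu, as an added example rather than OPSWAT's own tooling: it locates cacerts for both the JRE and JDK layouts, checks the certificate's SHA-256 fingerprint against a value obtained out of band before trusting it, keeps a backup of the keystore, and confirms the alias afterwards. The function names, the expected-fingerprint argument and the STOREPASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not OPSWAT's script. Function names, the fingerprint check
# and the STOREPASS variable are assumptions of this example.
# Usage: export STOREPASS, then
#   import_ca <Java path> <alias> <rootCA.crt path> <expected SHA-256>

# Print the cacerts path under a Java home, covering both layouts noted above:
# <Java path>/lib/security/cacerts and <JDK path>/jre/lib/security/cacerts.
find_cacerts() {
    for candidate in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no cacerts keystore under $1" >&2
    return 1
}

# Reduce "ab:cd:..." or "ABCD..." to bare upper-case hex for comparison.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# The keystore password is read from $STOREPASS (keytool's -storepass:env),
# so it does not appear in the process list or shell history.
import_ca() {
    java_home=$1; ca_alias=$2; cert=$3; expected=$4
    keystore=$(find_cacerts "$java_home") || return 1
    # keytool -printcert emits a line of the form "SHA256: AB:CD:..."
    actual=$("$java_home/bin/keytool" -printcert -file "$cert" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1)
    if [ -z "$actual" ] ||
       [ "$(normalize_fp "$actual")" != "$(normalize_fp "$expected")" ]; then
        echo "fingerprint mismatch, refusing to import $cert" >&2
        return 2
    fi
    cp -p "$keystore" "$keystore.bak" || return 1   # copy to roll back to
    # -noprompt is safe here only because the fingerprint was checked above.
    "$java_home/bin/keytool" -importcert -noprompt -keystore "$keystore" \
        -storepass:env STOREPASS -alias "$ca_alias" -file "$cert" || return 3
    # Confirm the alias is present before restarting the service (step 3).
    "$java_home/bin/keytool" -list -keystore "$keystore" \
        -storepass:env STOREPASS -alias "$ca_alias" >/dev/null
}
```

A return code of 2 means the file's fingerprint did not match the expected value and the keystore was left untouched.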