Adding and Managing Directories
You can use the Directories tab to add, manage, and configure user directories that contain data about the CCC users and groups.
To use this feature, you need to log on to CCC as an administrator, click the Administration button from the menu bar at the top, followed by Directories tab from the left-side navigation pane. The Directories page that appears contains detailed information about the directories that are already configured in your CCC application.
For adding or configuring a new directory, click the Add Directory button and then provide the following details.
| Field | Explanation |
| Directory Display Name | Enter a name for the directory that you want to configure. |
| Vendor | Select an LDAP vendor. |
| LDAP over SSL |
Check this option if you want to create a secure connection with the LDAP directory. Ensure you have imported an SSL certificate in the CCC server truststore before checking the check-box. To import an SSL certificate in truststore, run the following command: keytool -import -alias <unique_alias> -file <full path of cert file> -storetype JKS -keystore /usr/safenet/ccc/server/standalone/configuration/cacerts.jks -storepass <password> To list all the SSL certificates you've imported, run the following command: keytool -list -storetype JKS -keystore /usr/safenet/ccc/server/standalone/configuration/cacerts.jks NOTE You need to restart the CCC server after importing the SSL certificate. |
| Connection URL |
Provide a connection URL to your LDAP server . (For example, <protocol ldap/ldaps>://<hostname/ip>:<port number>) |
| Username LDAP Attribute | Provide the name of LDAP attribute that is mapped as the CCC user name. |
| RDN LDAP Attribute | Provide the name of LDAP attribute that is used as Relative Distinguished Name (RDN). |
| UUID LDAP Attribute | Provide the name of LDAP attribute that is used as Unique Object Identifier (UUID). |
| User First Name LDAP Attribute |
Provide the name of the mapped first name attribute on the LDAP object. |
| User Last Name LDAP Attribute | Provide the name of the mapped last name attribute on the LDAP object. |
| User Email LDAP Attribute | Provide the name of the mapped email address attribute on the LDAP object. |
| User Object Classes | Provide all values of LDAP objectClass attribute for users in LDAP separated by comma. |
| Users DN | Provide full Distinguished Name (DN) of LDAP tree where your users are. |
| Authentication Type | Select the LDAP Authentication Type. You can choose from None (anonymous LDAP authentication) or Simple (bind credential + bind password authentication) mechanisms. |
| Bind DN | Provide DN of LDAP admin that’ll be used by CCC to access LDAP server. |
| Bind Credential | Provide password of LDAP admin. |
| Custom User LDAP Filter (Optional) | You have the option to provide an additional filter that you can use to filter searched users. Ensure that it begins with “(“ and ends with “)”. |
| Search Scope | You can use search scope options to select the level of search scope. Level One searches for users in DNs specified by user DNs. Subtree searches for users in the entire Subtree. |
| Enable Users Sync | You can enable Users Sync to perform synchronization of LDAP users to CCC at specified intervals. The minimum sync time is 10 minutes. |
Click the Add Directory button after you've entered the required inputs. You'll then be able to see the newly created directory on the Directories page. You can use this page for the following purposes:
>Status: You can use the Status column to validate the status of any directory. A green tick icon before the name of a directory indicates that it is Active. On the other hand, an orange error icon before the name of the directory indicates that it's Inactive.
>Name: You can find the names of all the directories associated with the CCC application in the Names column.
>Connection URL: You can validate connection information of each directory through the Connection URL column.
>Next Sync: In case you've used the Enable Users Sync option to automate syncing for a particular directory, that information will appear here.
>Sync Users: You can use the blue sync icon to sync one or more directories whenever required.
>Last Sync Status: This column will display the details regarding the last syncing, including its timing, status, number of users synced, number of users removed, and users that could not be synced.
>Actions: You can use the Actions column to edit the specifications of a directory or to delete a directory. If you are deleting a directory that you had configured over SSL, it's recommended that you also delete its corresponding SSL certificate from the CCC truststore using the following command:
keytool -delete -alias <certificate_alias> -keystore /usr/safenet/ccc/server/standalone/configuration/cacerts.jks -storepass <password>
NOTE You need to restart the CCC service after deleting the SSL certificate.
