Setting up User Federation with CNC Console-IAM (LDAP Server integration)

1. To set up User Federation with cncc-iam, go to https://10.75.213.60:30024/cncc/auth. The Welcome page appears. Choose Administration Console.

2. The Log In screen appears. Enter the admin username and password.

3. In the left pane of the screen, select Realm Settings > cncc realm. Click User Federation in the left pane. The User Federation screen appears in the right pane.

4. From the drop-down list on the User Federation screen, select ldap. The Add user federation provider screen appears.

5. Fill in the following parameters:

  • Console Display Name: <appropriate name>
  • Vendor: <LDAP server provider for the company>

Note:

The console usually fills in reasonable defaults for many of the fields. If your setup differs from the defaults, enter the correct values for it. The current setup is Spring embedded LDAP, so select the last option, "Other", from the drop-down list. This automatically fills in many of the required fields.

  • Most companies have the "UUID LDAP attribute" value set to "entryUUID". If you don't have this field, then use another unique identifier. In our demo data we don't have this field, so we change this value to "uid" as well.
  • "User Object Classes" is another field that needs to be modified for our demo data. In our ldap-ldif file, each user entry shows the objectClass attribute and its values. In our case there are four values and cncc-iam only filled in two of them correctly. We need to provide the rest of the chain, i.e. the complete value "inetOrgPerson, organizationalPerson, person, top", to be able to find the person correctly.
  • Next, provide the full DN of the LDAP tree where your users are. You can also see this path in the ldap-ldif file; for our demo data it looks like "ou=people,dc=oracle,dc=org". Set the search scope to "One Level" if you want users from one level only, or to "Subtree" if your users are arranged in subtrees and you want users from all tree levels.
  • Next, provide your company's LDAP server details, the same as you already provided for the ldap-ldif file, i.e. the connection URL (hostname prefixed with ldap://) and the port.
  • If your LDAP is secured, provide the admin bind username and password; otherwise set Bind Type to "none". Click "Test Connection" and "Test Authentication". Both tests should be successful.
  • Set Cache Policy to "NO_CACHE".
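As an added example that is not part of this guide, the following Python script derives from an LDIF file the three values the notes above tell you to read out of the ldap-ldif file: the DN the users live under, the complete User Object Classes chain, and whether entryUUID exists or the uid attribute must be used instead. The LDIF content and the function names are constructed assumptions modelled on the demo data described above, not the project's real ldap-ldif file.

```python
from collections import OrderedDict

# Constructed sample LDIF modelled on the demo data described above: users
# under ou=people,dc=oracle,dc=org with a four-value objectClass chain and
# no entryUUID attribute. Not the project's real ldap-ldif file.
SAMPLE_LDIF = """\
dn: ou=people,dc=oracle,dc=org
objectClass: organizationalUnit
ou: people

dn: uid=alice,ou=people,dc=oracle,dc=org
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: alice

dn: uid=bob,ou=people,dc=oracle,dc=org
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
uid: bob
"""


def parse_ldif(text):
    """Split LDIF into entries, each a dict of attribute -> list of values."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries


def derive_federation_settings(ldif_text, username_attr="uid"):
    """Derive the users' DN, User Object Classes and UUID LDAP attribute from the user entries."""
    users = [e for e in parse_ldif(ldif_text) if username_attr in e]
    # The users' DN is the parent of each user entry (everything after the RDN)
    users_dn = sorted({e["dn"][0].split(",", 1)[1] for e in users})
    # The complete objectClass chain, not only the two the console pre-fills
    classes = OrderedDict.fromkeys(c for e in users for c in e.get("objectClass", []))
    # Prefer entryUUID; fall back to the username attribute when it is absent
    uuid_attr = "entryUUID" if users and all("entryUUID" in e for e in users) else username_attr
    return {"users_dn": users_dn, "user_object_classes": ", ".join(classes),
            "uuid_ldap_attribute": uuid_attr, "user_count": len(users)}
```

Run it against your own ldap-ldif file before filling in the form; if the script reports more than one users DN, the entries sit in subtrees and the search scope must be "Subtree".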

6. After filling in the required fields, the screen appears as shown below. Click Save.

7. New buttons appear next to Save and Cancel.

8. If users have to be imported into CNCC-IAM, click Synchronize all users. If the synchronization is successful, a success message appears. If the synchronization fails, check the troubleshooting section and look at the cncc-iam logs in debug mode.

9. To view the imported users, click Manage > Users in the left pane and then click View all users in the right pane. The list of users and their details appears.

Note:

Steps 8 and 9 are optional.