bc-server service user AD

This is a user service which maps Active Directory users and groups into BeyondCron users and roles.

Configuration variables

The following configuration variables can be defined using the config set command. Once set, the service can be loaded or reloaded using the user service reload command.

beyondcron.user.service
  AD
ad.url
  Active Directory server LDAP URL.
  e.g. ldap://example.com:389/
ad.query.user.dn
  Distinguished name of user with read access to Active Directory user and group entries.
  e.g. Example\beyondcron
ad.query.user.password
  Password of query user.
ad.users.dn
  Distinguished name of the node containing Active Directory user entries.
  e.g. CN=Users,DC=example,DC=com
ad.groups.dn
  Distinguished name of the node containing Active Directory group entries. Default is ad.users.dn
ad.refresh/period
  Period in minutes after which the Active Directory user/group → BeyondCron user/role mappings are refreshed. The command user service refresh can be used to refresh on demand. Default is 15 minutes.
ad.group.prefix
  Any Active Directory groups named with this prefix will be mapped within BeyondCron as roles without the prefix. e.g. bc_operator → operator. Any users belonging to these groups will be registered as belonging to the resultant role. Default is bc_
ad.group.required
  If true, only Active Directory users who belong to one or more bc_name groups will be able to login to BeyondCron. Default is false

ad.query.user.password is a secret configuration variable, and as such can only be viewed by users with write access to /_beyondcron/configuration.

Example

BeyondCron % config set ad.url ldap://example.com:389/
BeyondCron % config set ad.query.user.dn Example\beyondcron
BeyondCron % config set ad.query.user.password Secret!
BeyondCron % config set ad.users.dn CN=Users,DC=Example,DC=com
BeyondCron % config set beyondcron.user.service AD
BeyondCron % user service reload
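
As an added example (not part of BeyondCron or its documentation), the Python below models the ad.group.prefix and ad.group.required rules so that a directory export can be reviewed for the roles and logins it would produce before the service is reloaded. The function names, the sample users, the admin role, case-sensitive prefix matching and ignoring a group named exactly bc_ are assumptions.

```python
# Added example: models the ad.group.prefix / ad.group.required rules described
# on this page so a reviewer can preview role assignments. Not BeyondCron code.
from dataclasses import dataclass, field


@dataclass
class Access:
    roles: set = field(default_factory=set)
    can_login: bool = True


def map_roles(groups, prefix="bc_"):
    """Return role names for AD groups that start with `prefix`."""
    roles = set()
    for g in groups:
        # Assumption: the prefix match is case-sensitive, and a group named
        # exactly like the prefix (empty role name) is ignored.
        if g.startswith(prefix) and len(g) > len(prefix):
            roles.add(g[len(prefix):])
    return roles


def preview(directory, prefix="bc_", group_required=False):
    """directory: {user: [AD group names]} -> {user: Access}"""
    result = {}
    for user, groups in directory.items():
        roles = map_roles(groups, prefix)
        # ad.group.required=true: users with no prefixed group cannot log in.
        can_login = bool(roles) or not group_required
        result[user] = Access(roles, can_login)
    return result


def unexpected_roles(result, approved):
    """Roles produced by AD group names that are not in the approved set."""
    found = set().union(*(a.roles for a in result.values()))
    return found - set(approved)


# Constructed sample data, not from a real directory.
SAMPLE = {
    "alice": ["Domain Users", "bc_operator"],
    "bob": ["Domain Users"],
    "carol": ["bc_operator", "bc_admin", "bc_"],
}

if __name__ == "__main__":
    for user, acc in preview(SAMPLE, group_required=True).items():
        print(user, sorted(acc.roles), "login" if acc.can_login else "denied")
```

Comparing the output of unexpected_roles against the roles you intend to expose shows when a prefixed group in the directory would create a role nobody approved.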

See also

  • service user AWS
  • service user Unix