bc-server – service user AD
This is a user service which maps Active Directory users and groups into BeyondCron users and roles.
Configuration variables
The following configuration variables can be defined using the config set command. Once set, the service can be loaded/reloaded using the user service reload command.
beyondcron.user.service | AD |
ad.url | Active Directory server LDAP URL. e.g. ldap://example.com:389/ |
ad.query.user.dn | Distinguished name of user with read access to Active Directory user and group entries. e.g. Example\beyondcron |
ad.query.user.password | Password of query user. |
ad.users.dn | Distinguished name of the node containing Active Directory user entries. e.g. CN=Users,DC=example,DC=com |
ad.groups.dn | Distinguished name of the node containing Active Directory group entries. Default is ad.users.dn |
ad.refresh/period | Period in minutes after which the Active Directory user/group → BeyondCron user/role mappings are refreshed. The command user service refresh can be used to refresh on demand. Default is 15 minutes. |
ad.group.prefix | Any Active Directory groups named with this prefix will be mapped within BeyondCron as roles without the prefix. e.g. bc_operator → operator. Any users belonging to these groups will be registered as belonging to the resultant role. Default is bc_ |
ad.group.required | If true, only Active Directory users who belong to one or more bc_name groups will be able to log in to BeyondCron. Default is false |
ad.query.user.password is a secret configuration variable, and as such can only be viewed by users with write access to /_beyondcron/configuration.
Example
BeyondCron % config set ad.url ldap://example.com:389/
BeyondCron % config set ad.query.user.dn Example\beyondcron
BeyondCron % config set ad.query.user.password Secret!
BeyondCron % config set ad.users.dn CN=Users,DC=Example,DC=com
BeyondCron % config set beyondcron.user.service AD
BeyondCron % user service reload
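
The following is an added example, not BeyondCron code: it previews how ad.group.prefix and ad.group.required would treat a set of Active Directory users, so that access can be reviewed before the service is reloaded. The membership data, the bc_admin group and the function names are constructed; exact-case prefix matching and no nested-group resolution are assumptions.

```python
import re

# Constructed sample: user -> memberOf DNs, as a directory export might list them.
SAMPLE_MEMBERSHIP = {
    "alice": ["CN=bc_operator,CN=Users,DC=example,DC=com",
              "CN=Domain Users,CN=Users,DC=example,DC=com"],
    "bob": ["CN=Domain Users,CN=Users,DC=example,DC=com"],
    "carol": ["CN=bc_admin,CN=Users,DC=example,DC=com",
              "CN=bc_,CN=Users,DC=example,DC=com"],
}

def group_cn(dn):
    """Return the CN of a group DN; handles '\\,' style escapes, not hex escapes."""
    m = re.match(r"CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
    return re.sub(r"\\(.)", r"\1", m.group(1)) if m else None

def roles_for(group_dns, prefix="bc_"):
    """Map prefixed AD groups to role names with the prefix removed."""
    roles = set()
    for dn in group_dns:
        cn = group_cn(dn)
        # Assumption: exact-case prefix match; a group named only "bc_" gives no role.
        if cn and cn.startswith(prefix) and len(cn) > len(prefix):
            roles.add(cn[len(prefix):])
    return roles

def access_report(membership, prefix="bc_", group_required=False):
    """Return {user: (sorted roles, may_login)} for the given settings."""
    report = {}
    for user, dns in membership.items():
        roles = sorted(roles_for(dns, prefix))
        # With ad.group.required false (the default), a user with no roles may still log in.
        report[user] = (roles, bool(roles) or not group_required)
    return report

def roleless_logins(membership, prefix="bc_"):
    """Users who can log in only because ad.group.required is false."""
    default = access_report(membership, prefix, group_required=False)
    return sorted(u for u, (roles, ok) in default.items() if ok and not roles)

if __name__ == "__main__":
    for required in (False, True):
        print("ad.group.required =", required,
              access_report(SAMPLE_MEMBERSHIP, group_required=required))
    print("role-less logins under the default:", roleless_logins(SAMPLE_MEMBERSHIP))
```

Any user listed by roleless_logins loses access once ad.group.required is set to true, which makes the list a useful check before changing that setting.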