Connecting to an Active Directory in CostOS

  1. Log in to the CostOS Web Console.
  2. Choose User Management > LDAP Configuration.
  3. Enter the values for the settings, as described below.
  4. Save the directory settings.

Notes:

  • The logged-in user should have the 'Create/edit Users' role.

Server settings

Setting

Description

Active

Activates or deactivates interval synchronization.

Hostname

The host name of your directory server. Examples:

  • ad.mydomain.com
  • ldap.mydomain.com
  • opends.mydomain.com

Port

The port on which your directory server is listening. Examples:

  • 389
  • 636 (for example, for SSL)

Bind Dn

The distinguished name of the user that the application will use when connecting to the directory server.

Examples:

  • cn=administrator,cn=users,dc=ad,dc=example,dc=com
  • cn=user,dc=domain,dc=name
  • user@domain.name

By default, all users can read the uSNChanged attribute. The specific privileges required by the user to connect to LDAP are "Bind" and "Read" (user info, group info, group membership), which the user can obtain by being a member of the Active Directory's built-in administrators group.

Password

The password of the user specified above.

Base DN

The root distinguished name (DN) to use when running queries against the directory server. Examples:

  • o=example,c=com
  • cn=users,dc=ad,dc=example,dc=com
  • For Microsoft Active Directory, specify the base DN in the following format: dc=domain1,dc=local. Replace domain1 and local with the values for your configuration. Microsoft Server provides a tool called ldp.exe, which is useful for finding out and configuring the LDAP structure of your server.

User Object Filter (optional)

The filter to use when searching user objects.

Example:

  • (memberOf=cn=MyGroup,cn=users,dc=example,dc=com)

Synchronisation Interval

Synchronization is the process by which the application updates its internal store of user data to agree with the data on the directory server. The application will send a request to your directory server every x minutes, where 'x' is the number specified here. The default value is 10 minutes.

SSL

Check this if the connection to the directory server is an SSL (Secure Sockets Layer) connection. Note that you will need to configure an SSL certificate in order to use this setting.

Synchronize Application Groups from Active Directory

The application can obtain groups from Active Directory. The user should be a member of the following groups, which are mapped to specific application roles.

AD Role Name                 Application Role
CESAdmin                     Administrator
CESProjectReader             Open/Edit Projects
CESProjectWriter             Create Projects
CESDatabaseUser              User
CESParamItemWriter           Create/Edit Assemblies
CESAssemblyWriter            Create/Edit Resources
CESFunctionWriter            Create/Edit Functions
CESColumnFieldWriter         Field/Formula Customization
CESLocationFactorWriter      Location Factor Customization
CESOnlineDBUser              Online Database User
CESUserAdmin                 Create/Edit Users
CESEPS                       Create/Edit EPS
CESCosmoPublisher            COS.MO Publisher
CESGlobalPRJVariabledWriter  Create/Edit Global Project Variables Template
CESMasterLayoutWriter        Create/Edit Layouts (Master Database)
CESMediaLibraryWriter        Open/Edit Media Library (Master Database)
CESCostTeam1                 CostOS Team 1
CESCostTeam2                 CostOS Team 2
CESCostTeam3                 CostOS Team 3
CESCostTeam4                 CostOS Team 4
CESCostTeam5                 CostOS Team 5
CESCostTeam6                 CostOS Team 6
CESCostTeam7                 CostOS Team 7
CESCostTeam8                 CostOS Team 8
CESCostTeam9                 CostOS Team 9
CESCostTeam10                CostOS Team 10
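
As an added example (not part of the CostOS documentation or product code), the following Python builds a User Object Filter that limits synchronization to members of groups from the role table above, escaping each group DN per RFC 4515 so that characters such as parentheses or backslashes in a DN cannot alter the filter. The OU, the two groups chosen, the helper names, and the nested-membership option (an Active Directory matching rule that CostOS is only assumed to accept) are assumptions.

```python
# Added example, not CostOS code: build a User Object Filter from group DNs.

# Active Directory matching rule that also follows nested group membership.
# Plain memberOf only matches direct members of a group.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# Characters that RFC 4515 requires to be escaped inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value (here a group DN) for use inside an LDAP search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def member_of_filter(group_dns, nested=False):
    """Return a filter matching users who belong to any of the given groups."""
    if not group_dns:
        raise ValueError("at least one group DN is required")
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    clauses = ["(%s=%s)" % (attr, escape_filter_value(dn)) for dn in group_dns]
    # A single clause needs no wrapper; several are combined with OR: (|...)
    return clauses[0] if len(clauses) == 1 else "(|" + "".join(clauses) + ")"


# Constructed sample values: the OU is hypothetical; the group names are two
# of the AD role names listed in the table above.
GROUP_OU = "ou=CostOS,dc=ad,dc=example,dc=com"
SYNC_GROUPS = ["CESAdmin", "CESUserAdmin"]


def sync_filter(names=SYNC_GROUPS, ou=GROUP_OU, nested=False):
    """Filter for users in any of the named groups under one OU.

    The names on this page are plain alphanumerics, so no DN-level
    (RFC 4514) escaping of the cn value is needed before building the DN.
    """
    return member_of_filter(["cn=%s,%s" % (n, ou) for n in names], nested)


if __name__ == "__main__":
    print(sync_filter())
    # A DN that already contains a DN escape (backslash-comma) must have the
    # backslash escaped again for the filter:
    print(member_of_filter([r"cn=Estimators\, EMEA," + GROUP_OU]))
```

Paste the printed filter into the User Object Filter field and confirm after the next synchronization that only the intended accounts appear.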