| 1 | # $Id$ |
|---|
| 2 | |
|---|
| 3 | =head1 DESCRIPTION |
|---|
| 4 | |
|---|
| 5 | The C<ad> base support C<Active Directory> system from C<Microsoft> using |
|---|
| 6 | C<ldap> protocol. |
|---|
| 7 | |
|---|
| 8 | It has been succefully test on C<Windows 2008> and C<Windows 2008r2>. |
|---|
| 9 | |
|---|
| 10 | =head1 SPECIFIC SETUP PARAMTERS |
|---|
| 11 | |
|---|
| 12 | =head2 domain |
|---|
| 13 | |
|---|
| 14 | The domain name of this active directory base |
|---|
| 15 | |
|---|
| 16 | =head2 server |
|---|
| 17 | |
|---|
| 18 | Optional, specify the server to contact to access to this ldap base. |
|---|
| 19 | |
|---|
| 20 | If not set, a DNS lookup is performed to find the list of available servers |
|---|
| 21 | |
|---|
| 22 | =head2 login |
|---|
| 23 | |
|---|
| 24 | The dn to use to connect to the ldap |
|---|
| 25 | |
|---|
| 26 | =head2 password |
|---|
| 27 | |
|---|
| 28 | The password to cuse to connect to ldap server |
|---|
| 29 | |
|---|
| 30 | =head2 ssl |
|---|
| 31 | |
|---|
| 32 | If set, try to connect using ssl |
|---|
| 33 | |
|---|
| 34 | Notice using ssl or tls is mandatory to be able to setup password. |
|---|
| 35 | |
|---|
| 36 | =head2 tls |
|---|
| 37 | |
|---|
| 38 | If set start tls encryption on standard ldap port. |
|---|
| 39 | |
|---|
| 40 | C<ssl> parameter must not set in this case. |
|---|
| 41 | |
|---|
| 42 | =head2 user_container |
|---|
| 43 | |
|---|
| 44 | The dn subpart of the container where user are located and will be created |
|---|
| 45 | |
|---|
| 46 | =head2 group_container |
|---|
| 47 | |
|---|
| 48 | The dn subpart of the container where groups are located and will be created |
|---|
| 49 | |
|---|
| 50 | =head2 user_key_attribute, group_key_attribute |
|---|
| 51 | |
|---|
| 52 | Specify the attribute to use to uniquely identify an object. The default is |
|---|
| 53 | C<cn>. |
|---|
| 54 | |
|---|
| 55 | =head2 user_dn_attribute, group_dn_attribute |
|---|
| 56 | |
|---|
| 57 | Specify the attribute to use forge the C<dn> of new object. The default is |
|---|
| 58 | C<cn>. |
|---|
| 59 | |
|---|
| 60 | =head1 FAQ |
|---|
| 61 | |
|---|
| 62 | =head2 Failure when chnaging password |
|---|
| 63 | |
|---|
| 64 | When I try to sync/change a user password I get: |
|---|
| 65 | |
|---|
| 66 | 0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0 |
|---|
| 67 | |
|---|
| 68 | The meaning of this error is "the password does not pass the quality test". |
|---|
| 69 | |
|---|
| 70 | Active directory has by default a strong password policy including the password |
|---|
| 71 | lenght, the variety of caracters, etc... |
|---|
| 72 | |
|---|
| 73 | The C<LATMOS::Accounts> system have itself a password quality test but it does |
|---|
| 74 | not have the same rules than an active directory, so a password accept on one |
|---|
| 75 | side can be reject on the other. |
|---|
| 76 | |
|---|
| 77 | To change the password policy on active directory: |
|---|
| 78 | |
|---|
| 79 | =over 4 |
|---|
| 80 | |
|---|
| 81 | =item open the Group Policy Console (Administration Tools) |
|---|
| 82 | |
|---|
| 83 | =item Find the C<default domain policy> at top level of the domain |
|---|
| 84 | |
|---|
| 85 | =item change parameter under system, Windows, Security parameters |
|---|
| 86 | |
|---|
| 87 | =back |
|---|
![(please configure the [header_logo] section in trac.ini)](/link-accounts/chrome/site/your_project_logo.png){kind=logo}
