# $Id$

=head1 DESCRIPTION

The C<ad> base supports the C<Active Directory> system from C<Microsoft> using
the C<ldap> protocol.

It has been successfully tested on C<Windows 2008> and C<Windows 2008r2>.

=head1 SPECIFIC SETUP PARAMETERS

=head2 domain

The domain name of this Active Directory base.

=head2 server

Optional. Specifies the server to contact to access this ldap base.

If not set, a DNS lookup is performed to find the list of available servers.

=head2 login

The dn to use to connect to the ldap server.

=head2 password

The password to use to connect to the ldap server.

=head2 ssl

If set, try to connect using ssl.

Note that using ssl or tls is mandatory to be able to set a password.

=head2 tls

If set, start tls encryption on the standard ldap port.

The C<ssl> parameter must not be set in this case.

=head2 user_container

The dn subpart of the container where users are located and will be created.

=head2 group_container

The dn subpart of the container where groups are located and will be created.

=head2 user_key_attribute, group_key_attribute

Specify the attribute to use to uniquely identify an object. The default is
C<cn>.

=head2 user_dn_attribute, group_dn_attribute

Specify the attribute to use to forge the C<dn> of a new object. The default is
C<cn>.

=head1 FAQ

=head2 Failure when changing password

When I try to sync/change a user password I get:

    0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0

The meaning of this error is "the password does not pass the quality test".

Active Directory has by default a strong password policy covering the password
length, the variety of characters, etc.

The C<LATMOS::Accounts> system has its own password quality test, but it does
not apply the same rules as Active Directory, so a password accepted on one
side can be rejected on the other.

To change the password policy on Active Directory:

=over 4

=item open the Group Policy Console (Administration Tools)

=item Find the C<default domain policy> at top level of the domain

=item change parameter under system, Windows, Security parameters

=back
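
The following is an added example, not code from C<LATMOS::Accounts>: it decodes the error line quoted in the FAQ and pre-checks a password before it is sent to the directory. The function names, the sample login and passwords, the minimum length of 7 and the "three of four character classes" rule are assumptions standing in for the domain's real policy, which should be read from the C<default domain policy>.

```perl
use strict;
use warnings;

# Win32 error codes that AD can put in front of an LDAP diagnostic message.
my %WIN32 = (
    0x0005 => 'ERROR_ACCESS_DENIED: access is denied',
    0x0056 => 'ERROR_INVALID_PASSWORD: the supplied password is not correct',
    0x052D => 'ERROR_PASSWORD_RESTRICTION: length, complexity or history rule not met',
);

# Split an AD diagnostic message into its fields (hypothetical helper).
sub parse_ad_error {
    my ($msg) = @_;
    return unless $msg =~ m{
        ^\s*([0-9A-Fa-f]{8}):\s*      # Win32 error code in hex
        (\w+):\s*                     # error class, here SvcErr
        (DSID-[0-9A-Fa-f]+),\s*       # directory service internal id
        problem\s+(\d+)\s+\((\w+)\)   # problem number and symbolic name
        (?:,\s*data\s+(-?\w+))?       # optional data field
    }x;
    my $code = hex $1;
    return {
        win32 => $code, class => $2, dsid => $3, problem => $4, name => $5,
        data  => $6,    meaning => $WIN32{$code} // 'code not in this table',
    };
}

# Assumed policy: minimum length, 3 of 4 character classes, login not embedded.
# Simplification: every non-ASCII character counts as a symbol here.
sub ad_complexity_problems {
    my ($password, $login, $min_length) = @_;
    my @problems;
    push @problems, "shorter than $min_length characters"
        if length($password) < $min_length;
    my $classes = grep { $password =~ $_ } qr/[A-Z]/, qr/[a-z]/, qr/[0-9]/, qr/[^A-Za-z0-9]/;
    push @problems, "$classes character classes, 3 required" if $classes < 3;
    push @problems, 'contains the login'
        if length($login) > 2 && index(lc $password, lc $login) >= 0;
    return @problems;
}

my $err = parse_ad_error(
    '0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0');
printf "Win32 %d (%s): %s\n", $err->{win32}, $err->{name}, $err->{meaning};

# Constructed sample passwords for a constructed login "jdoe".
for my $pw ('summer', 'jdoe-Secret1', 'Tr4verse!Map') {
    my @why = ad_complexity_problems($pw, 'jdoe', 7);
    printf "%-14s %s\n", $pw, @why ? 'rejected: ' . join('; ', @why) : 'passes';
}
```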