# $Id$

=head1 DESCRIPTION

The C<ad> base supports the C<Active Directory> system from C<Microsoft> using
the C<ldap> protocol.

It has been successfully tested on C<Windows 2008> and C<Windows 2008r2>.

=head1 SPECIFIC SETUP PARAMETERS

=head2 domain

The domain name of this Active Directory base.

=head2 server

Optional, specifies the server to contact to access this ldap base.

If not set, a DNS lookup is performed to find the list of available servers.

=head2 login

The dn to use to connect to the ldap server.

=head2 password

The password to use to connect to the ldap server.

=head2 ssl

If set, try to connect using ssl.

Note that using ssl or tls is mandatory to be able to set a password.

=head2 tls

If set, start tls encryption on the standard ldap port.

The C<ssl> parameter must not be set in this case.

=head2 user_container

The dn subpart of the container where users are located and will be created.

=head2 group_container

The dn subpart of the container where groups are located and will be created.

=head2 user_key_attribute, group_key_attribute

Specify the attribute to use to uniquely identify an object. The default is
C<cn>.

=head2 user_dn_attribute, group_dn_attribute

Specify the attribute to use to build the C<dn> of a new object. The default is
C<cn>.

=head1 FAQ

=head2 Failure when changing password

When I try to sync/change a user password I get:

    0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0

The meaning of this error is "the password does not pass the quality test".

Active Directory has by default a strong password policy covering the password
length, the variety of characters, etc.

The C<LATMOS::Accounts> system has its own password quality test, but it does
not apply the same rules as Active Directory, so a password accepted on one
side can be rejected on the other.

To change the password policy on Active Directory:

=over 4

=item Open the Group Policy Console (Administration Tools)

=item Find the C<default domain policy> at the top level of the domain

=item Change the parameters under system, Windows, Security parameters

=back
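The mismatch described in this FAQ entry can be caught before a sync by testing the password against the directory's rules first. The Perl sketch below is an added example, not code from C<LATMOS::Accounts>; the function names are hypothetical, and the policy values (minimum length 7, 3 character classes, login name not allowed in the password) are assumed stock domain defaults, checked here in simplified ASCII-only form.

```perl
#!/usr/bin/perl
# Added example, not LATMOS::Accounts code.
use strict;
use warnings;

# ASSUMPTION: stock Default Domain Policy values; adjust to your domain.
my %POLICY = (min_length => 7, min_classes => 3);

# Reasons Active Directory would probably refuse $password for $login.
sub ad_password_problems {
    my ($password, $login) = @_;
    my @problems;
    push @problems, "shorter than $POLICY{min_length} characters"
        if length($password) < $POLICY{min_length};
    # Simplified complexity rule: count the ASCII character classes used.
    my $classes = grep { $password =~ $_ }
        qr/[A-Z]/, qr/[a-z]/, qr/[0-9]/, qr/[^A-Za-z0-9]/;
    push @problems, "only $classes of 4 character classes, need $POLICY{min_classes}"
        if $classes < $POLICY{min_classes};
    # The account name must not appear in the password (names of 3+ chars).
    push @problems, "contains the login name"
        if length($login) >= 3 && index(lc $password, lc $login) >= 0;
    return @problems;
}

# True when an LDAP error text carries the code from the FAQ: 0000052D
# with WILL_NOT_PERFORM, i.e. the password was rejected by the policy.
sub is_policy_rejection {
    my ($ldap_error) = @_;
    return $ldap_error =~ /^\s*0*52D:.*WILL_NOT_PERFORM/i ? 1 : 0;
}

# Constructed sample data: [login, candidate password].
for my $case (['jdoe', 'secret'], ['jdoe', 'Jdoe-2024'], ['jdoe', 'c0rrect-Horse']) {
    my ($login, $password) = @$case;
    my @problems = ad_password_problems($password, $login);
    printf "%-14s %s\n", $password,
        @problems ? 'REJECT: ' . join('; ', @problems) : 'ok';
}

# The error line quoted in the FAQ.
my $err = '0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0';
print "policy rejection\n" if is_policy_rejection($err);
```

Running the same check on both sides of a sync keeps a password from being accepted by one base and refused by the directory, without loosening the domain policy.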