source: trunk/LATMOS-Accounts/man/man8/latmos-accounts-base-ad.pod @ 1508

# $Id$

=head1 DESCRIPTION

The C<ad> base support C<Active Directory> system from C<Microsoft> using
C<ldap> protocol.

It has been succefully test on C<Windows 2008> and C<Windows 2008r2>.

=head1 SPECIFIC SETUP PARAMTERS

=head2 domain

The domain name of this active directory base

=head2 server

Optional, specify the server to contact to access to this ldap base.

If not set, a DNS lookup is performed to find the list of available servers

=head2 login

The dn to use to connect to the ldap

=head2 password

The password to cuse to connect to ldap server

=head2 ssl

If set, try to connect using ssl

Notice using ssl is mandatory to be able to setup password.

=head2 user_container

The dn subpart of the container where user are located and will be created

=head2 group_container

The dn subpart of the container where groups are located and will be created

=head2 user_key_attribute, group_key_attribute

Specify the attribute to use to uniquely identify an object. The default is
C<cn>.

=head2 user_dn_attribute, group_dn_attribute

Specify the attribute to use forge the C<dn> of new object. The default is
C<cn>.

=head1 FAQ

=head2 Failure when chnaging password

When I try to sync/change a user password I get:

    0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0

The meaning of this error is "the password does not pass the quality test".

Active directory has by default a strong password policy including the password
lenght, the variety of caracters, etc...

The C<LATMOS::Accounts> system have itself a password quality test but it does
not have the same rules than an active directory, so a password accept on one
side can be reject on the other.

To change the password policy on active directory:

=over 4

=item open the Group Policy Console (Administration Tools)

=item Find the C<default domain policy> at top level of the domain

=item change parameter under system, Windows, Security parameters

=back