# $Id$ =head1 DESCRIPTION The C base support C system from C using C protocol. It has been succefully test on C and C. =head1 SPECIFIC SETUP PARAMTERS =head2 domain The domain name of this active directory base =head2 server Optional, specify the server to contact to access to this ldap base. If not set, a DNS lookup is performed to find the list of available servers =head2 login The dn to use to connect to the ldap =head2 password The password to cuse to connect to ldap server =head2 ssl If set, try to connect using ssl Notice using ssl or tls is mandatory to be able to setup password. =head2 tls If set start tls encryption on standard ldap port. C parameter must not set in this case. =head2 user_container The dn subpart of the container where user are located and will be created =head2 group_container The dn subpart of the container where groups are located and will be created =head2 user_key_attribute, group_key_attribute Specify the attribute to use to uniquely identify an object. The default is C. =head2 user_dn_attribute, group_dn_attribute Specify the attribute to use forge the C of new object. The default is C. =head1 FAQ =head2 Failure when chnaging password When I try to sync/change a user password I get: 0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0 The meaning of this error is "the password does not pass the quality test". Active directory has by default a strong password policy including the password lenght, the variety of caracters, etc... The C system have itself a password quality test but it does not have the same rules than an active directory, so a password accept on one side can be reject on the other. To change the password policy on active directory: =over 4 =item open the Group Policy Console (Administration Tools) =item Find the C at top level of the domain =item change parameter under system, Windows, Security parameters =back