NAME

Net::LDAP::Extra::AD -- AD convenience methods

SYNOPSIS

use Net::LDAP::Extra qw(AD);

$ldap = Net::LDAP->new( ... );

...

if ($ldap->is_AD || $ldap->is_ADAM) {
  $ldap->change_ADpassword($dn, $old_password, $new_password);
}

DESCRIPTION

Net::LDAP::Extra::AD tries to spare users the necessity to reinvent the wheel again and again in order to correctly encode password strings so that they can be used in AD password change operations.

To do so, it provides the following methods:

METHODS

is_AD ( )

Tell if the LDAP server queried is an Active Directory Domain Controller.

As the check is done by querying the root DSE of the directory, it works without being bound to the directory.

is_ADAM ( )

Tell if the LDAP server queried is running AD LDS (Active Directory Lightweight Directory Services), previously known as ADAM (Active Directoy Application Mode).

As the check is done by querying the root DSE of the directory, it works without being bound to the directory.

change_ADpassword ( DN, OLD_PASSWORD, NEW_PASSWORD )

Change the password of the account given by DN from its old value OLD_PASSWORD to the new value NEW_PASSWORD.

This method requires encrypted connections.

reset_ADpassword ( DN, NEW_PASSWORD, OPTIONS )

Reset the password of the account given by DN to the value given in NEW_PASSWORD. OPTIONS is a list of key/value pairs. The following keys are recognized:

force_change

If TRUE, the affected user is required to change the password at next login.

For this method to work, the caller needs to be bound to AD with sufficient permissions, and the connection needs to be encrypted.

AUTHOR

Peter Marschall <peter@adpm.de<gt>

COPYRIGHT

Copyright (c) 2012 Peter Marschall. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.