<AuthBy ADSI> authenticates from Windows Active Directory, which
is the user information database on Windows 2000 and later servers. It
uses ADSI (Active Directory Service Interface) to get user information
from any Active Directory service provider available to your Windows
server. It is only available on Windows 2000 and later server platforms.
It is implemented in AuthADSI.pm.
ADSI is a unified interface to Windows user information that was
introduced in Windows 2000. Active Directory can access user information
from a range of provider types:
- NT Primary or Secondary domain controller (WinNT:)
- Active Directory LDAP database (LDAP:)
- Novell Directory Services (NDS:)
You can configure AuthBy ADSI to use any of these service
providers.
During authentication, <AuthBy ADSI> check and honours
AccountDisabled, IsAccount-Locked and LoginHours for the user being
authenticated. It also checks the users password (by attempting to change
it). Because Active Directory does not make the plaintext password
available, <AuthBy ADSI> only supports PAP, not CHAP or MSCHAP
authentication.
<AuthBy ADSI> understands also the same parameters as <AuthBy
xxxxxx>. For more information, see
Section 3.32.
