diff --git a/dicos/70_lemonldap_ng.xml b/dicos/70_lemonldap_ng.xml
index e4d49fc..b3c72fc 100644
--- a/dicos/70_lemonldap_ng.xml
+++ b/dicos/70_lemonldap_ng.xml
@@ -92,7 +92,10 @@
non
-
+
+ oui
+
+
oui
@@ -148,7 +151,7 @@
- ['LDAP','Demo','Custom']
+ ['LDAP','AD','Demo','Custom']
casLDAPAttribute
diff --git a/dicos/71_lemonldap_ng_scribe.xml b/dicos/71_lemonldap_ng_scribe.xml
index 7a5ca95..691bd0c 100644
--- a/dicos/71_lemonldap_ng_scribe.xml
+++ b/dicos/71_lemonldap_ng_scribe.xml
@@ -55,6 +55,10 @@
AD
+
+ AD
+
+
sasl_ldap_reader
diff --git a/tmpl/lemonldap-ng.ini b/tmpl/lemonldap-ng.ini
index 25e511c..81874bd 100644
--- a/tmpl/lemonldap-ng.ini
+++ b/tmpl/lemonldap-ng.ini
@@ -197,11 +197,11 @@ portalSkin = %%llSkin
; Modules displayed
;portalDisplayLogout = 1
portalDisplayResetPassword = %%boolean[%%llResetPassword]
-;portalDisplayChangePassword = 1
+portalDisplayChangePassword = %%boolean[%%llChangePassword]
;portalDisplayAppslist = 1
;portalDisplayLoginHistory = 1
; Require the old password when changing password
-;portalRequireOldPassword = 1
+portalRequireOldPassword = %%boolean[%%llChangePassword]
; Attribute displayed as connected user
;portalUserAttr = mail
; Old menu HTML code
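Review bot: `portalRequireOldPassword` is tied to the same `%%llChangePassword` toggle as `portalDisplayChangePassword`, so setting llChangePassword to "non" also sets the old-password requirement to 0. Requiring the current password is what stops someone who holds only a session from setting a new password, and it should not depend on whether the menu entry is displayed. A password change may still be reachable with the module hidden (for example a change forced by the password policy; not confirmed from this hunk). I would keep it unconditional with `portalRequireOldPassword = 1`, or give it its own dictionary variable.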
diff --git a/tmpl/lmConf-1.json b/tmpl/lmConf-1.json
index 4fd5af5..b136925 100644
--- a/tmpl/lmConf-1.json
+++ b/tmpl/lmConf-1.json
@@ -160,19 +160,29 @@
"ldapPpolicyControl": 1,
%end if
"ldapAllowResetExpiredPassword": 1,
+ "ldapChangePasswordAsUser": 1,
%else
"ldapPpolicyControl": 0,
"ldapAllowResetExpiredPassword": 0,
+ "ldapChangePasswordAsUser": 1,
%end if
%end if
- "ldapChangePasswordAsUser": 1,
"ldapAuthnLevel": 2,
+ "ldapSearchDeref": "find",
%if %%eole_module == "scribe"
"ldapBase": "cn=Users,dc=%echo ",dc=".join(%%ad_domain.split('.')) + '",'
+ "ldapExportedVars": {
+ "cn": "cn",
+ "mail": "mail",
+ "uid": "cn"
+ },
+ "ldapGroupAttributeName": "memberUid",
+ "ldapGroupAttributeNameGroup": "dn",
+ "ldapGroupAttributeNameSearch": "cn",
+ "ldapGroupAttributeNameUser": "cn",
+ "ldapGroupObjectClass": "group",
%else
"ldapBase": "%%ldapUserBaseDN",
-%end if
- "ldapSearchDeref": "find",
"ldapExportedVars": {
"cn": "cn",
"mail": "mail",
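Review bot: The scribe (AD) branch looks up groups with `"ldapGroupObjectClass": "group"` but matches on `"ldapGroupAttributeName": "memberUid"` against the user's `cn`. Active Directory `group` objects normally list members as DNs in `member`, so this search probably returns no groups for AD users. Any access rule that relies on group membership would then be evaluated against an empty set, which can silently change who is allowed or denied. Unless the directory is known to populate `memberUid`, I would use `"ldapGroupAttributeName": "member"` with `"ldapGroupAttributeNameUser": "dn"`, and confirm with a test account that the expected groups are resolved.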
@@ -183,6 +193,7 @@
"ldapGroupAttributeNameSearch": "cn",
"ldapGroupAttributeNameUser": "uid",
"ldapGroupObjectClass": "eolegroupe",
+%end if
"ldapGroupRecursive": 0,
"ldapPasswordResetAttribute": "pwdReset",
"ldapPasswordResetAttributeValue": "TRUE",
@@ -228,7 +239,7 @@
"mailTimeout": 0,
%if %%llResetPassword == "oui"
%if %%is_empty(%%llResetUrl)
- "mailUrl": "https://%%authWebName/mail.pl",
+ "mailUrl": "https://%%authWebName/resetpwd",
%else
"mailUrl": "%%llResetUrl",
%end if
@@ -281,7 +292,7 @@
"portalAntiFrame": 1,
"portalCheckLogins": %%boolean[%%llCheckLogins],
"portalDisplayAppslist": 1,
- "portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
+ "portalDisplayChangePassword": "$_auth =~ /^(AD|LDAP|DBI|Demo)$/",
"portalDisplayLoginHistory": 1,
"portalDisplayLogout": 1,
"portalDisplayRegister": 1,
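Review bot: The `portalDisplayChangePassword` rule extended here with `AD` is probably overridden by the same commit's change to tmpl/lemonldap-ng.ini, which now sets `portalDisplayChangePassword = %%boolean[%%llChangePassword]`. If that line sits in a section whose values take precedence over lmConf, as local ini overrides normally do, the `$_auth` rule is never evaluated. The change-password module would then be shown for every backend when the toggle is on, including ones that cannot change a password. I would keep a single source of truth: either drop the ini override, or fold the toggle into this rule so that the backend restriction still applies.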