Hi,
We've set up a system where OpenLDAP and Windows AD sync passwords, which currently works fine. However, we use a domain admin to connect to the LDAP and change passwords, which is a bit of a security risk.
So we've created a normal domain user (no other specific permissions) and delegated control over all other normal users by specifying the following two tasks:
- Reset inetOrgPerson passwords and force password change ...
- Read all inetOrgPerson information
But unfortunately, that's not working and fails with the following error: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data ...
What else do I need to delegate in order to allow the user to connect to the LDAP, search the user and reset the password?
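A way to check what the delegation actually granted, as an added example that is not part of the original post: the script below reads the ACL of the delegated OU and lists every ACE that names the service account, translating the GUIDs in each entry into the extended-right, attribute or object-class name they stand for. It assumes the ActiveDirectory RSAT module (which provides the `AD:` PSDrive); the OU distinguished name and the account name are placeholders to be replaced with your own values.

```powershell
# Added example (not from the original post): audit which ACEs on an OU apply to a
# given account, and resolve their GUIDs to readable names so the delegation can be
# compared with what was intended. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$OuDn           = 'OU=People,DC=example,DC=com'   # placeholder: the OU that was delegated
$ServiceAccount = 'EXAMPLE\svc-ldapsync'           # placeholder: the delegated account

$rootDse = Get-ADRootDSE

# Map schemaIDGUID -> class/attribute name (e.g. user, inetOrgPerson, pwdLastSet).
$guidNames = @{}
Get-ADObject -SearchBase $rootDse.SchemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
    -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidNames[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }

# Map rightsGuid -> extended right / property set name (e.g. "Reset Password").
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.ConfigurationNamingContext)" `
    -LDAPFilter '(objectClass=controlAccessRight)' -Properties displayName, rightsGuid |
    ForEach-Object { $guidNames[[guid]$_.rightsGuid] = $_.displayName }

function Resolve-AceGuid {
    # An empty GUID in an ACE means "all rights/properties" or "all object classes".
    param([guid]$Guid)
    if ($Guid -eq [guid]::Empty) { return '(all)' }
    if ($guidNames.ContainsKey($Guid)) { return $guidNames[$Guid] }
    return $Guid.ToString()
}

# Read the OU's security descriptor and keep only the ACEs granted to the account.
$acl = Get-Acl -Path "AD:\$OuDn"
$acl.Access |
    Where-Object { $_.IdentityReference.Value -ieq $ServiceAccount } |
    ForEach-Object {
        [pscustomobject]@{
            Type            = $_.AccessControlType        # Allow / Deny
            Rights          = $_.ActiveDirectoryRights    # e.g. ExtendedRight, ReadProperty
            RightOrProperty = Resolve-AceGuid $_.ObjectType          # which right or attribute
            AppliesToClass  = Resolve-AceGuid $_.InheritedObjectType # which object class
            Inheritance     = $_.InheritanceType
        }
    } | Format-Table -AutoSize
```

Two things are worth reading off the output: whether an `ExtendedRight` entry resolving to "Reset Password" is present at all, and which object class each entry is scoped to in the `AppliesToClass` column. An ACE only matches objects of the class it names, so compare that column with the `objectClass` of the accounts being reset (`Get-ADUser -Identity <sam> -Properties objectClass`) before looking for further rights to delegate.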