Hey there, I'm currently trying to use the ltb password self service with an Active Directory domain. I have LDAPs working on AD and it can connect using my manager user, but the managed user doesn't have permissions to change a user's passwords.
I have a services OU and within it I made an account called sys_pss. I then right-clicked on the People OU > delegate control. I selected my sys_pss user and added "Reset user password and force password change at next logon" and "Read all user information." However, when I attempt to change the password, I keep getting "Password was refused by the LDAP directory" and the following in the logs:

[Wed Sep 28 15:44:36 2011] [error] [client 192.168.99.34] LDAP - Modify password error 50 (Insufficient access), referer: https://secure.exmaple.com

I know it's using the manager user because if I put an incorrect password in the config php file, I get "Bind error 49." I have $ad_mode set to true and $who_change_password = "manager";

If I type in the wrong password for the old password, I do get an invalid password, so I know it's binding and authenticating correctly as the user.

What permissions do I need to give to sys_pss in AD so it can modify users' passwords?

Thanks
Sumit
