2014-07-11 4:19 GMT+02:00 Tom Henderson <t...@pack.co.nz>:

> I'm having trouble giving our manager account the right permissions to
> change passwords in active directory (Server 2008 R2). I've followed the
> instructions to delegate control for 'reset password', 'write lockoutTime'
> and 'write shadowlastchange', but I'm still getting an error "Password was
> refused by the LDAP directory".
>
> In ssp_error.log I get:
> PHP Warning: ldap_mod_replace(): Modify: Insufficient access in
> /usr/share/self-service-password/lib/functions.inc.php on line 275,
> referer: https://password.pack.co.nz/
> LDAP - Modify password error 50 (Insufficient access), referer:
> https://password.pack.co.nz/
>
> As a test I put the manager account into the domain admins group and ssp
> worked perfectly, so it seems ssp is working fine and the issue is on the
> AD side.
>
> Can anyone suggest how to troubleshoot this?
>

Hi,
It seems you have done what was in the doc (http://ltb-project.org/wiki/documentation/self-service-password/latest/config_ldap). If you are using reset by questions, you need some more rights, but I think you already saw this. As I'm not an AD expert, I don't know how to get logs. Maybe someone on the list can help?

Clément.
_______________________________________________
ltb-users mailing list
ltb-users@lists.ltb-project.org
http://lists.ltb-project.org/listinfo/ltb-users