Sorry to hijack your post, but can you shed some light on what you needed to do to set up LTB self service for your Windows environment? Specifically, was it necessary to deploy ADCS just to get it to work? I have tested with LDAP Admin (http://www.ldapadmin.org) and with that app it wasn't necessary to use LDAPS in order to reset passwords. However, LTB SSP seems to need a secure socket connection in order to work.
With respect to your questions, I found what looks like useful information for setting up an AD account for password resets here: http://updates.thycotic.net/passwordresetserver/documents/PRSInstallationGuideWindows6.pdf (see pages 37-44)

From: [email protected] [mailto:[email protected]] On Behalf Of Gray McCord
Sent: Wednesday, January 15, 2014 1:00 PM
To: [email protected]
Subject: [Ltb-users] Question: requirements for AD LDAP-only user permissions?

I've been using LTB very successfully for months on an AD/LDAP environment and have finally gotten to the point where I've turned it over to our users to try.

What I want to do is create an "LTB-only" AD user which only has the permissions necessary to change and reset passwords. I created the user in AD and ran the Delegation of control wizard to set this up. I thought that enabling "Reset user passwords" and "Read all user information" might work, but alas, no. I wound up having to select "create, delete, and manage user accounts".

The good news is that it's no longer using my or an admin's credentials, but I think I don't really need LTB to be able to create or delete or change group membership for users, which I think this setting permits.

Anyway, does anyone know what the minimum appropriate set of permissions / best practice should be to allow LTB to do its job?

Thanks!
Gray

Gray McCord
Adapt, Mutate, Migrate, or Die
-C. Darwin
