I'm having trouble giving our manager account the right permissions to change passwords in active directory (Server 2008 R2). I've followed the instructions to delegate control for 'reset password', 'write lockoutTime' and 'write shadowlastchange', but I'm still getting an error "Password was refused by the LDAP directory".
In ssp_error.log I get: PHP Warning: ldap_mod_replace(): Modify: Insufficient access in /usr/share/self-service-password/lib/functions.inc.php on line 275, referer: https://password.pack.co.nz/ LDAP - Modify password error 50 (Insufficient access), referer: https://password.pack.co.nz/ As a test I put the manager account into the domain admins group and ssp worked perfectly, so it seems ssp is working fine and the issue is on the AD side. Can anyone suggest how to troubleshoot this? Cheers Tom Henderson IT Manager | Pack & Company | 027 461 4403 | 09 929 2750 | [email protected] -- ---------------------------------------------------------------------------If you are not the intended recipient of this email, you must not disclose, copy, or distribute any information contained in or attached to it, or take any action/inaction based on it. Please contact us immediately, and delete this email from your system. Any views or opinions presented in this email are solely those of the author and not of Pack & Company (NZ) Limited (the "Company"), however any intellectual property contained in or attached to this email is the property of the Company. Thank you.
_______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
