Hi MJ, haven't checked that, but when not using User binding but giving a bind dn, probably the bind User is used for this action. Probably you can check that in the AD logs. Also, you can probably give the user only the right to modify the userPassword attribute - at least in openldap that's possible.
Regards, Christoph > Am 30.01.2017 um 13:27 schrieb lists (li...@merit.unu.edu) <users@sogo.nu>: > > Hi, > > To support end-user password change using /SOGo, is it required that the > bindDN from sogo.conf has admin permissions in active directory? > > Or are the changes done under the credentials of the currently /SOGo logged > on user, and without the need for admin permissions in AD? > > MJ > -- > users@sogo.nu > https://inverse.ca/sogo/lists -- users@sogo.nu https://inverse.ca/sogo/lists