by Stephen Elaschuk.
I'm trying to give my LDAP Bind user sufficient privileges to reset user passwords, without adding them to the Domain Administrators group in Active Directory.
I've used the "Delegate Control" wizard on my root domain object to attempt to assign password reset permissions. However, no combination of delegation permissions seems to work. Even if I delegate Full Control to my LDAP bind user, the error coming back from Moodle when the user attempts to change their password is:
Debug info:
Error code: errorpasswordupdate
Error code: errorpasswordupdate
Stack trace:
- line 476 of /lib/setuplib.php: moodle_exception thrown
- line 110 of /login/change_password.php: call to print_error()
Output buffer: Warning: ldap_modify(): Modify: Insufficient access in /var/www/moodle/auth/ldap/auth.php on line 1351
Only when I add my bind user to Domain Admins does it function properly. I realize this is more AD related than Moodle, but I'm hoping someone here has had a similar experience and can help.
Thanks!