Delegating only the "Change Password (Extended Right)" permission does not allow use of the changepassword method via the Active Roles ADSI Provider (4371827)

Delegating only the "Change Password (Extended Right)" permission does not allow use of the changepassword method via the Active Roles ADSI Provider

There is a default Access Template located here:
Configuration/Access Templates/Active Directory/Advanced/Users - Change Password (Extended Right)

Using this Access Template and/or adding the same permission manually will not allow the use of the changepassword method on the Active Roles ADSI Provider.

In addition to this permission, the initiator must also be delegated:
- Write edsaOldPassword
- Write User Password
- Read objectClass
 

This issue is being tracked as Defect ID 419760.

WORKAROUND

None.


STATUS

Waiting for fix in a future release of Active Roles. 

419760