Does anyone know which specific permissions within Microsoft AD the username programmed into the ASA for LDAP authentication needs to have? The documentation just states that the username needs to be an administrator within Active Directory, but I don't want to make the account a member of the Domain Admins group if it is not necessary. I'd like to be as granular as possible.
We are going to be doing password management on the ASA so users can change their passwords when they expire. I'm not sure if that makes a difference on the permissions necessary.