I've created an AD authentication source, but it doesn't work and gets locked out after a few login attempts by different accounts. The end user accounts themselves don't get locked. The bind account password is correct and the same account is used for account & group collection.
What is the exact privilege that the AD account needs for successful authentication? The client doesn't want to give us full admin privileges yet because lifecycle will be done only later.