franc-pentest / ldeep

In-depth ldap enumeration utility
MIT License

PSO Enum as low priv user #89

Closed tiyeuse closed 4 months ago

tiyeuse commented 4 months ago

Even if a low-priv user cannot get details on Password Settings Objects, it is still possible to enumerate which principals (Users and Groups by default) are subject to this setting.

$ ldeep ldap -u bob -p password -s 192.168.57.5 -d corp pso
Unprivileged enumeration:
principal:pso_name
user:PSO2
user:DA-PSO
Domain Admins:DA-PSO