Minimum AD account permissions for LDAP query

I have a single OpenFire server setup.

I set up LDAP authentication so that my users could use existing Windows username / password combinations to get into the OpenFire server via the Spark client.

I created an AD account to do the lookups (ofldap). What permissions in the Delegate Control Wizard do I need enabled in order to perform the lookups without granting excessive power to this user? It seems that I can only get people to successfully authenticate if I use the Administrator account.

The LDAP account doesn’t need any special permissions. Just a regular domain user.