Minimum required AD permissions

[jacksonuwm]

I am integrating an instance of SnipeIT into an AD domain, but only have permissions at an OU-level for my department. I want to create a service account that SnipeIT can use to perform the LDAP sync, but I'm not sure what minimum permissions are necessary to have on the OU. When I use my admin credentials, the LDAP sync test works and everything is fine. When I use the service account, which has the base, read-only permissions on the parent OU and all descendant objects, the sync fails. Does anybody know the required permissions SnipeIT needs to perform the LDAP sync?