We're in the market for a password management utility that would function with Active Directory and LDAP that would allow a user to securely reset or change their password without helpdesk intervention, etc. It would need to have some sort of mechanism for authentication - security questions, two-step verification, etc. - and various rules for setting new passwords. We have our eye on one product but would like recommendations from anyone who has experience with a third-party utility that they've been satisfied with. It would presumably need to be some sort of web-based interface.