[Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.

Stephen stephen at ogdenradar.com
Wed Apr 10 14:51:16 UTC 2019

Dear samba-list, please disregard my previous post.
Since posting I have found a way to avoid the need to create a dedicated 
AD service account purely to allow Redmine to authenticate via LDAPS and 
AD. This neatly circumvents my original issue and is much more secure to 

For future Redmine users googling, refer to this document here:

The section "Dynamic Bind" in the aforementioned document described how 
you can force Redmine to assume thatt supplied login credentials are a 
valid AD account, and to verify these credentials via LDAPS.

Stephen Ellwood

More information about the samba mailing list