[Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.

Rowland Penny rpenny at samba.org
Wed Apr 10 15:11:39 UTC 2019

On Wed, 10 Apr 2019 15:51:16 +0100
Stephen via samba <samba at lists.samba.org> wrote:

> Dear samba-list, please disregard my previous post.
> Since posting I have found a way to avoid the need to create a
> dedicated AD service account purely to allow Redmine to authenticate
> via LDAPS and AD. This neatly circumvents my original issue and is
> much more secure to boot.
> For future Redmine users googling, refer to this document here:
> https://www.redmine.org/projects/redmine/wiki/RedmineLDAP
> The section "Dynamic Bind" in the aforementioned document described
> how you can force Redmine to assume thatt supplied login credentials
> are a valid AD account, and to verify these credentials via LDAPS.
> Thanks
> Stephen Ellwood

To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.


More information about the samba mailing list