Web lists-archives.com

Re: [Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.

On Wed, 10 Apr 2019 15:51:16 +0100
Stephen via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Dear samba-list, please disregard my previous post.
> Since posting I have found a way to avoid the need to create a
> dedicated AD service account purely to allow Redmine to authenticate
> via LDAPS and AD. This neatly circumvents my original issue and is
> much more secure to boot.
> For future Redmine users googling, refer to this document here:
> https://www.redmine.org/projects/redmine/wiki/RedmineLDAP
> The section "Dynamic Bind" in the aforementioned document described
> how you can force Redmine to assume thatt supplied login credentials
> are a valid AD account, and to verify these credentials via LDAPS.
> Thanks
> Stephen Ellwood

To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba