Web lists-archives.com

Re: [Samba] Disabling password expiry for a AD service account for accessing LDAPS, and security best practices.




On Wed, 10 Apr 2019 15:51:16 +0100
Stephen via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Dear samba-list, please disregard my previous post.
> Since posting I have found a way to avoid the need to create a
> dedicated AD service account purely to allow Redmine to authenticate
> via LDAPS and AD. This neatly circumvents my original issue and is
> much more secure to boot.
> 
> For future Redmine users googling, refer to this document here:
> https://www.redmine.org/projects/redmine/wiki/RedmineLDAP
> 
> The section "Dynamic Bind" in the aforementioned document described
> how you can force Redmine to assume thatt supplied login credentials
> are a valid AD account, and to verify these credentials via LDAPS.
> 
> Thanks
> Stephen Ellwood
> 
> 

To be honest, the 'Dynamic Bind' method doesn't seem that secure to me,
anybody could 'pretend' to be someone else.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba