diff --git a/CHANGELOG.md b/CHANGELOG.md
index a4ff0bf5..300ed425 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## 3.5.7.dev
 * Extend: [auth] dovecot: add support for version >= 2.4
+* Fix: report/getetag with enabled expand
+* Adjust: use of option [auth] ldap_ignore_attribute_create_modify_timestamp for support of Authentik LDAP server
 
 ## 3.5.6
 * Fix: broken start when UID does not exist (potential container startup case)
diff --git a/radicale/auth/ldap.py b/radicale/auth/ldap.py
index 84dcee0b..ababe16a 100644
--- a/radicale/auth/ldap.py
+++ b/radicale/auth/ldap.py
@@ -89,8 +89,7 @@ class Auth(auth.BaseAuth):
 
         self._ldap_ignore_attribute_create_modify_timestamp = configuration.get("auth", "ldap_ignore_attribute_create_modify_timestamp")
         if self._ldap_ignore_attribute_create_modify_timestamp:
-            self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp', 'modifyTimestamp'])
-            logger.info("auth.ldap_ignore_attribute_create_modify_timestamp applied")
+            logger.info("auth.ldap_ignore_attribute_create_modify_timestamp will be applied")
 
         self._ldap_uri = configuration.get("auth", "ldap_uri")
         self._ldap_base = configuration.get("auth", "ldap_base")
@@ -260,6 +259,8 @@ class Auth(auth.BaseAuth):
 
     def _login3(self, login: str, password: str) -> str:
         """Connect the server"""
+        if self._ldap_ignore_attribute_create_modify_timestamp:
+            self.ldap3.utils.config._ATTRIBUTES_EXCLUDED_FROM_CHECK.extend(['createTimestamp', 'modifyTimestamp'])
         try:
             logger.debug(f"_login3 {self._ldap_uri}, {self._ldap_reader_dn}")
             if self._use_encryption: