|
OpenLDAP Faq-O-Matic : General LDAP FAQ : Misc. :
Start TLS v. ldaps:// |
The StartTLS extended operation [RFC 2830] is LDAPv3's standard mechanism for enabling TLS (SSL) data confidentiality protection. The mechanism uses an LDAPv3 extended operation to establish an encrypted SSL/TLS connection within an already established LDAP connection. While the mechanism is designed for use with TLSv1, most implementations will fallback to SSLv3 (and SSLv2) if necessary.
|
ldaps:// is a mechanism for establishing an encrypted SSL/TLS connection for LDAP. It requires use of separate port, commonly 636. Though originally designed for use with LDAPv2 and SSLv2, many implementations support its use with LDAPv3 and TLSv1. Although there is no technical specification for ldaps:// it is widely used.
|
ldaps:// is deprecated in favor of Start TLS [RFC2830]. OpenLDAP 2.0 supports both.
|
For security reasons the server should be configured not to accept SSLv2.
|
[Append to This Answer] |