[Date Prev][Date Next] [Chronological] [Thread] [Top]

start_tls versus ldaps



Hi all,

First of all, I apologize for my poor english writing skill. I hope you to 
understand me.

I'm almost new using TLS/SSL (and OpenLDAP too), so don't be rough ;)

Right, I'm trying to set up an OpenLDAP server and I'd like the connections to 
be encrypted. Ok, it seems that TLS/SSL works pretty fine using start_tls or 
ldaps://. So, my question is, what's better?

I've read somewhere that TLS is the "new way" and must be preferred. So, I 
suppose I could close the 636 port. In the other hand, I don't know if I can 
force the clients to use TLS over 389 this way.

>From your experience, what do you think about it? I almost have read the 
"admin guide" and I've not seen clear advices on this issue.

Thank you in advance.

--
Imobach González Sosa
Servicio de Informática y Comunicaciones de la ULPGC
e-mail: igonzalez@becarios.ulpgc.es
Teléfono: +34 928 459519