Re: replica and ssl
Quanah Gibson-Mount wrote:
> You could leave it on port 389, use TLS, and be just as secure.
Quanah, please be precise here: You are probably referring to the StartTLS
extended operation sent over an existing LDAP connection. SSLv3 or TLSv1
is an encryption protocol above the transport layer encryption.
BTW: I see some security benefits when using LDAPS URIs over StartTLS
ext. op. You don't have to set another config parameter to make use of
SSL or TLS mandatory. But your mileage may vary.