Chun Tat David Chu wrote:
> I'm currently looking into LDAP authentication and would like to know
> about what is the preferred authentication mechanism. If I want to use
> TLS for authentication, should I use LDAPS or startTLS?

Both are not client authentication mechs if you don't use client certificates. In most deployments the SSL/TLS protocol provides server authentication and an encrypted data communication channel.

> I surfed on the Internet, and it appears that startTLS should be
> deprecating LDAPS but a lot of people are still using LDAPS today.

I'd simply support both. LDAPS has the advantage that you can really mandate that the client must successfully establish an encrypted channel *before* sending any LDAP PDU with possibly confidential information.

Ciao, Michael.
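The ordering difference Michael points at, as an added illustration that is not part of the thread: with StartTLS the client must first send one cleartext LDAP PDU (the StartTLS ExtendedRequest) and only then upgrade, whereas with LDAPS the TLS handshake precedes every PDU. The code below BER-encodes those two PDUs per RFC 4511, builds a server-authenticating TLS context, and models a client guard that refuses to send a simple bind on an unencrypted channel; the `LdapSession` class and its mode names are constructed for this example.

```python
"""Constructed example: StartTLS vs LDAPS ordering and a no-plaintext-bind guard."""
import ssl

START_TLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS ExtendedRequest OID (RFC 4511, 4.14)

def ber(tag: int, body: bytes) -> bytes:
    """Minimal BER TLV; short-form length only, which is enough for these PDUs."""
    assert len(body) < 128, "short-form length only in this example"
    return bytes([tag, len(body)]) + body

def ldap_message(msg_id: int, op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp ... } (RFC 4511, 4.1.1)."""
    assert 0 < msg_id < 128, "single-byte INTEGER only in this example"
    return ber(0x30, ber(0x02, bytes([msg_id])) + op)

def start_tls_request(msg_id: int = 1) -> bytes:
    # ExtendedRequest is [APPLICATION 23] constructed -> tag 0x77; requestName [0] -> 0x80
    return ldap_message(msg_id, ber(0x77, ber(0x80, START_TLS_OID.encode())))

def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    # BindRequest [APPLICATION 0] -> 0x60; version INTEGER 3; simple credentials [0] -> 0x80
    body = ber(0x02, b"\x03") + ber(0x04, dn.encode()) + ber(0x80, password.encode())
    return ldap_message(msg_id, ber(0x60, body))

def client_tls_context() -> ssl.SSLContext:
    """Server authentication only: verify the chain and the hostname, TLS 1.2+."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

class LdapSession:
    """Constructed model of a client that tracks whether the channel is encrypted."""
    def __init__(self, mode: str):
        # LDAPS (port 636): the TLS handshake happens before any LDAP PDU is sent.
        self.encrypted = (mode == "ldaps")
        self.sent = []                      # PDUs handed to the transport, in order

    def send(self, pdu: bytes, sensitive: bool) -> None:
        if sensitive and not self.encrypted:
            raise RuntimeError("refusing to send credentials over a plaintext channel")
        self.sent.append(pdu)

    def start_tls(self) -> None:
        self.send(start_tls_request(), sensitive=False)  # this one PDU is cleartext by design
        self.encrypted = True                            # TLS handshake would follow here

    def bind(self, dn: str, password: str) -> int:
        self.send(simple_bind_request(2, dn, password), sensitive=True)
        return len(self.sent)               # number of PDUs on the wire so far
```

In the model, a plain session raises on bind, an LDAPS session binds with one PDU, and a StartTLS session needs the cleartext extended request first.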