Hi David,
You're correct that LDAPS is deprecated. I think most people would
encourage you to prefer StartTLS.
However, you may still want to use LDAPS in your environment depending
on what LDAP client applications your service will need to support.
Several LDAP client programs still only support LDAPS, or have no
support at all for transport layer security. Your particular usage
scenario will be the most influential factor. If your LDAP service will
be used with a variety of clients, odds are there's at least a few that
will only support LDAPS.
Beside startTLS, what are some other popular LDAP authentication
mechanisms that is widely use in today's enterprise world?
As far as FDS, check out the following:
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL.html
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/SASL.html
http://directory.fedoraproject.org/wiki/Documentation
Chun Tat David Chu wrote:
Hi group,
I'm currently looking into LDAP authentication and would like to know
about what is the preferred authentication mechanism. If I want to
use TLS for authentication, should I use LDAPS or startTLS?
From my understanding, LDAPS was introduced in LDAPv2 and startTLS is
introduced in LDAPv3.
I surfed on the Internet, and it appears that startTLS should be
deprecating LDAPS but a lot of people are still using LDAPS today.
Beside startTLS, what are some other popular LDAP authentication
mechanisms that is widely use in today's enterprise world?
Thanks!
David
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
