Chun Tat David Chu wrote:
> I'm currently looking into LDAP authentication and would like to know what the preferred authentication mechanism is. If I want to use TLS for authentication, should I use LDAPS or startTLS?

Both are not client authentication mechs if you don't use client certificates. In most deployments the SSL/TLS protocol provides server authentication and an encrypted data communication channel.

> I surfed on the Internet, and it appears that startTLS should be deprecating LDAPS but a lot of people are still using LDAPS today.

I'd simply support both. LDAPS has the advantage that you can really mandate that the client must successfully establish an encrypted channel *before* sending any LDAP PDU with possibly confidential information.
Ciao, Michael.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users