Ashwin

Reputation: 1960

Should my LDAP client application have an option to use "ldaps" and/or "StartTLS"?

I am writing a simple client to authenticate a user via LDAP. I am using the OpenLDAP libraries. The application simply searches for the user in the LDAP server and binds the user.

While configuring the LDAP server (OpenLDAP) for Ubuntu, I came across this:

LDAP over TLS/SSL (ldaps://) is deprecated in favour of StartTLS. The latter refers to an existing LDAP session (listening on TCP port 389) becoming protected by TLS/SSL whereas LDAPS, like HTTPS, is a distinct encrypted-from-the-start protocol that operates over TCP port 636.

Does this mean that the LDAP client I am writing is OK not to have an option for selecting the encryption type? Is this deprecated? Here is the wire-frame I am about to implement in a couple of days: [image]

Any thoughts and suggestions?

Upvotes: 0

Views: 898

Answers (1)

user207421

Reputation: 310903

It means you should use one of those types. It doesn't mean you need a UI option to select it.

Upvotes: 1
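
As an added example (not part of the answer above and not OpenLDAP code), this standard-library Python example lets the `ldap://` or `ldaps://` scheme of the server URI pick the protection, so no separate selector is needed, and refuses to continue in cleartext if the server rejects StartTLS. The function names and the hand-built BER encoding of the RFC 4511 StartTLS request are assumptions of this example; a libldap client would call `ldap_start_tls_s()` rather than build the request itself.

```python
import socket
import ssl
from urllib.parse import urlsplit

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS extended operation (RFC 4511)

def tlv(tag, body):   # BER short-form length: every body built here is under 128 bytes
    return bytes([tag, len(body)]) + body

def starttls_request():
    """LDAPMessage{messageID 1, ExtendedRequest [APPLICATION 23]{requestName [0]}}."""
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def read_tlv(buf, pos):   # returns (tag, value, next_pos); short- or long-form length
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def extended_result_code(pdu):
    """resultCode of an ExtendedResponse ([APPLICATION 24]); 0 means success."""
    tag, msg, _ = read_tlv(pdu, 0)
    _, _, pos = read_tlv(msg, 0)                 # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)
    code_tag, code, _ = read_tlv(op, 0)
    if (tag, op_tag, code_tag) != (0x30, 0x78, 0x0A):
        raise ValueError("not an LDAP ExtendedResponse")
    return int.from_bytes(code, "big")

def transport_for(uri):   # the URI scheme alone selects the protection
    modes = {"ldaps": ("implicit-tls", 636), "ldap": ("starttls", 389)}
    u = urlsplit(uri)
    if u.scheme not in modes or not u.hostname:
        raise ValueError("expected ldap://host or ldaps://host")
    mode, default_port = modes[u.scheme]
    return mode, u.hostname, u.port or default_port

def open_protected(uri, cafile=None):
    """Return a TLS socket; the bind is only ever sent over this socket."""
    mode, host, port = transport_for(uri)
    ctx = ssl.create_default_context(cafile=cafile)   # verifies chain and hostname
    sock = socket.create_connection((host, port), timeout=10)
    if mode == "starttls":
        sock.sendall(starttls_request())
        if extended_result_code(sock.recv(4096)) != 0:   # assumes reply fits one read
            sock.close()
            raise ConnectionError("StartTLS refused; not falling back to cleartext")
    return ctx.wrap_socket(sock, server_hostname=host)
```
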
