[Fedora-directory-users] Preferred authentication mechanism - LDAPS or startTLS
George Holbert
gholbert at broadcom.com
Wed Apr 9 20:20:25 UTC 2008
Hi David,
You're correct that LDAPS is deprecated. I think most people would
encourage you to prefer StartTLS.
However, you may still want to use LDAPS in your environment depending
on what LDAP client applications your service will need to support.
Several LDAP client programs still only support LDAPS, or have no
support at all for transport layer security. Your particular usage
scenario will be the most influential factor. If your LDAP service will
be used with a variety of clients, odds are there's at least a few that
will only support LDAPS.
> Beside startTLS, what are some other popular LDAP authentication
> mechanisms that is widely use in today's enterprise world?
As far as FDS, check out the following:
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL.html
http://www.redhat.com/docs/manuals/dir-server/ag/8.0/SASL.html
http://directory.fedoraproject.org/wiki/Documentation
Chun Tat David Chu wrote:
> Hi group,
>
> I'm currently looking into LDAP authentication and would like to know
> about what is the preferred authentication mechanism. If I want to
> use TLS for authentication, should I use LDAPS or startTLS?
>
> From my understanding, LDAPS was introduced in LDAPv2 and startTLS is
> introduced in LDAPv3.
>
> I surfed on the Internet, and it appears that startTLS should be
> deprecating LDAPS but a lot of people are still using LDAPS today.
>
> Beside startTLS, what are some other popular LDAP authentication
> mechanisms that is widely use in today's enterprise world?
>
> Thanks!
>
> David
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
More information about the Fedora-directory-users
mailing list