https://bugs.openldap.org/show_bug.cgi?id=9938
--- Comment #4 from Quanah Gibson-Mount <quanah@openldap.org> ---
(In reply to martin.von.wittich from comment #2)
> (In reply to Quanah Gibson-Mount from comment #1)
> > The FAQ is historic, 99% of what's in it is incorrect.
> Hmm, would it be possible to add a warning to all FAQ articles, or even to get rid of it completely?
The goal is to replace it in the long run with current up to date information.
That aside, the main issues I see are:
a) StartTLS is actually defined in an RFC for LDAPv3 while LDAPS is not part of any RFC
b) Given the order of operations, it's easier to leak credentials when using ldap:/// even if TLS is mandated on the server side than it is with ldaps:///
However, I'd generally say that this ITS should be closed. This is an issue that should be raised with the LDAP IETF working group, not the OpenLDAP project, since it's an issue that applies to LDAP in general, not a specific implementation of LDAP.
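Point (b) above is about the order of LDAP operations on the wire: with ldaps:// the TLS handshake completes before any LDAP message exists, whereas with ldap:// the client itself must issue StartTLS before binding, and a client that binds first has already sent its credentials in clear by the time a TLS-mandating server rejects the bind. The following Python model is an added illustration, not code from this ITS or from OpenLDAP. It uses a constructed in-memory transport that only records whether each outgoing message was TLS-protected; the method names mirror the real python-ldap calls `start_tls_s` and `simple_bind_s`, but nothing here contacts a server, and the DN, password and host names are made up.

```python
"""Model of the LDAP client operation order behind point (b).

Added illustration for this thread, not OpenLDAP code. FakeTransport is a
constructed stand-in for a socket: it records each outgoing LDAP message
together with the TLS state it was sent under, and never talks to a server.
"""
from dataclasses import dataclass, field


@dataclass
class FakeTransport:
    uri: str
    tls_active: bool = False
    sent: list = field(default_factory=list)  # (operation, tls_active) pairs

    def __post_init__(self):
        # ldaps:// negotiates TLS during connect, before any LDAP PDU is sent.
        if self.uri.startswith("ldaps://"):
            self.tls_active = True

    def send(self, op: str):
        self.sent.append((op, self.tls_active))


class Client:
    """Mirrors python-ldap's call names over the fake transport."""

    def __init__(self, uri: str):
        self.t = FakeTransport(uri)

    def start_tls_s(self):
        # StartTLS is itself an LDAP extended operation carried in clear;
        # only after it succeeds is the connection upgraded.
        if self.t.tls_active:
            raise RuntimeError("TLS already active (ldaps:// or repeated StartTLS)")
        self.t.send("ExtendedRequest(StartTLS)")
        self.t.tls_active = True

    def simple_bind_s(self, dn: str, password: str):
        # A simple bind carries the password itself in the BindRequest.
        self.t.send(f"BindRequest(simple, dn={dn!r})")


def plaintext_binds(client: Client) -> list:
    """Return the bind messages that left the client without TLS protection.

    This is the defender's check: a server configured to require TLS would
    answer such a bind with confidentialityRequired, but the credentials have
    already crossed the network by then.
    """
    return [op for op, tls in client.t.sent
            if op.startswith("BindRequest") and not tls]


def run(uri: str, bind_before_starttls: bool) -> list:
    """Drive one client session and report any unprotected bind.

    For ldap:// the flag selects the wrong order (bind, then StartTLS) or the
    correct one (StartTLS, then bind); for ldaps:// StartTLS is never issued
    because the transport is already encrypted.
    """
    c = Client(uri)
    if uri.startswith("ldap://") and not bind_before_starttls:
        c.start_tls_s()
    c.simple_bind_s("cn=admin,dc=example,dc=com", "s3cret")  # constructed values
    if uri.startswith("ldap://") and bind_before_starttls:
        c.start_tls_s()  # too late: the password already went out in clear
    return plaintext_binds(c)


if __name__ == "__main__":
    for uri, wrong_order in [("ldap://ldap.example.com", True),
                             ("ldap://ldap.example.com", False),
                             ("ldaps://ldap.example.com", False)]:
        print(uri, "bind-first" if wrong_order else "tls-first", run(uri, wrong_order))
```

The model makes the asymmetry in (b) concrete: with ldaps:// there is no client-side ordering mistake to make, while with ldap:// the protection depends on every client issuing StartTLS before its first bind. In real python-ldap code the equivalent safeguard is to call `start_tls_s()` (with `OPT_X_TLS_REQUIRE_CERT` set to demand) before `simple_bind_s()`, and on the server side to require a TLS security strength factor for binds so that a bind-first client is at least refused.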