Quanah,
Quanah Gibson-Mount wrote:
Just note that using SSL over port 636 is not a defined protocol, and may go away in the future. Avoidance of its use when possible recommended.
- IMO StartTLS ext. op. is flawed because there's no way to mandate the use of it before a misbehaving LDAP client has a chance to send credentials on the wire. - Also StartTLS ext. op. is rarely supported by LDAP clients.
=> If the OpenLDAP developers were really crazy enough to remove support for LDAPS from OpenLDAP I'd kick OpenLDAP out of my business immediately. Period.
Ciao, Michael.