Bennett, Tony - CNF wrote:

Regarding LDAP, Apache is a client which must adhere to how
the LDAP server is configured, be that a secure port (ldaps://)
or via an unsecure connection (ldap://) that can be upgraded with
a StartTLS.  It appears, from the OpenLDAP perspective, that
use of ldaps:// is deprecated in favor of StartTLS over ldap://.

It seems it is possible for OpenLDAP to support both ldaps:// and ldap:// + STARTTLS; however, this is done using ldap_set_option():

http://www.openldap.org/lists/openldap-software/200409/msg00617.html

Both ldap:// + STARTTLS and ldaps:// are supported on both the Novell and OpenLDAP toolkits in APR-util v1.1 as of a few days ago. Microsoft SDK support should follow shortly.

Regards,
Graham
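
The two transports discussed in this message, as an added configuration example that is not part of the original thread or of the project's own documentation. It assumes an Apache httpd with mod_ldap and mod_authnz_ldap loaded; the hostname, base DN, locations and CA path are placeholders.

```apache
# Added example: hostname, DNs, paths and locations are placeholders.

# CA used to verify the directory server's certificate (used by both
# the StartTLS and the ldaps:// case). Server-config context.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ldap-ca.pem
LDAPVerifyServerCert On

# Weak: plain ldap:// with no upgrade. The bind DN, its password and
# every user's password cross the network unencrypted.
<Location "/plain">
    AuthType Basic
    AuthName "Directory login"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.org:389/ou=people,dc=example,dc=org?uid?sub" NONE
    Require valid-user
</Location>

# ldap:// + StartTLS: same port 389, the connection is upgraded to TLS
# before the bind is sent.
<Location "/starttls">
    AuthType Basic
    AuthName "Directory login"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.org:389/ou=people,dc=example,dc=org?uid?sub" STARTTLS
    Require valid-user
</Location>

# ldaps://: TLS from the first byte on the dedicated port 636.
<Location "/ldaps">
    AuthType Basic
    AuthName "Directory login"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldap.example.org:636/ou=people,dc=example,dc=org?uid?sub" SSL
    Require valid-user
</Location>
```

Which of the two secured forms works depends on how the directory server is configured, since Apache is only the client here.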