Comment: LDAPS description extended

...

LDAPS is the non-standardized "LDAP over SSL" protocol that, in contrast with StartTLS, only allows communication over a secure port such as 636. It establishes the secure connection before there is any communication with the LDAP server. LDAPS generally provides protection against man-in-the-middle attacks and a higher level of security than StartTLS, as it explicitly does not allow insecure LDAP connections. However, as LDAPS is not part of the LDAP standard, there is no guarantee that LDAPS client libraries actually verify the host name against the name provided in the security certificate. See here for more information.
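The host name check that a client library may or may not perform can be written out as follows. This is an added example, not code from the original article or from JOC Cockpit; the function names and host names are hypothetical, and the certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: the check an LDAPS client has to make after the TLS handshake.
# Function names, host names and certificates are constructed for illustration.

def hostname_matches(pattern: str, hostname: str) -> bool:
    """Compare one dNSName entry with the host name the client connected to."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard accepted only as the complete left-most label, and only
        # when at least two further labels follow (so "*.com" is refused).
        if len(p_labels) < 3 or h_labels[0] == "":
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def verify_ldaps_peer(cert: dict, hostname: str) -> bool:
    """True only if the certificate names the server the client meant to reach.

    Only subjectAltName dNSName entries are consulted; this sketch does not
    fall back to the subject common name.
    """
    san = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(hostname_matches(name, hostname) for name in san)


# Constructed sample: certificate presented by the directory server.
SERVER_CERT = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"), ("DNS", "*.dir.example.com")),
}
# Constructed sample: a certificate that chains to a trusted CA but carries
# only a common name, so no dNSName entry is available to compare.
CN_ONLY_CERT = {"subject": ((("commonName", "ldap.example.com"),),)}

if __name__ == "__main__":
    for host in ("ldap.example.com", "dc1.dir.example.com", "ldap.other.example"):
        print(host, verify_ldaps_peer(SERVER_CERT, host))
```

A client that validates the certificate chain but skips this comparison accepts any certificate issued by a trusted CA, whatever server it was issued for.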

Scope

  • The current article describes the configuration of StartTLS for use with the JOC Cockpit web services and Web Service Truststore, as well as providing a code example for calling LDAPS from the shiro.ini file. Users wishing to configure their server to use LDAPS should refer to their LDAP server administrator.

...