LDAP supports STARTTLS to encrypt communications using TLS. STARTTLS begins as a plaintext connection over the standard LDAP port (389), and that connection is then upgraded to TLS.
With 6.2 we can use DNS discovery, which is based on _ldaps records; however, these records are not created automatically when adding a domain controller to a domain, which results in a high level of effort to manage these records (creation, modification, deletion, etc.).
If STARTTLS is implemented by the AAF LDAP clients, then customers can continue using non-TLS DNS discovery based on _ldap records and have those connections be upgraded to TLS.
by: Tim S. | over a year ago | Configuration