Forum Discussion
Brad_Parker
Nov 12, 2015
Cirrus
It sounds like your LDAP server doesn't support StartTLS on port 636. The difference here is SSL is LDAPS and is always encrypted. The client initiates an SSL handshake before exchanging any data (most likely 636). The TLS option here is StartTLS, which means the client first contacts the LDAP server on an unencrypted connection (most likely 389) and then requests to start a TLS tunnel over that connection. In my opinion, LDAPS is more secure as encryption is required from the get-go.
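The two connection modes described in the post above, shown at the wire level as an added example that is not part of the original post: the cleartext StartTLS extended request a client sends first (LDAP message, first byte `0x30`) versus the TLS record an LDAPS client sends first (first byte `0x16`), plus a parser for the server's StartTLS answer. The function names and the sample response bytes are constructed for illustration.

```python
# Added example: wire-level view of LDAPS vs. StartTLS (RFC 4511).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended-operation OID

# Constructed sample messages (not captured from a real server).
RESP_SUCCESS = bytes.fromhex("300c02010178070a010004000400")         # resultCode 0
RESP_PROTOCOL_ERROR = bytes.fromhex("300c02010178070a010204000400")  # resultCode 2
TLS_CLIENT_HELLO_START = bytes.fromhex("1603010200")  # TLS handshake record header

def ber(tag, payload):
    """Encode one BER TLV (short-form length, enough for these messages)."""
    if len(payload) > 127:
        raise ValueError("long-form length not needed here")
    return bytes([tag, len(payload)]) + payload

def starttls_request(message_id=1):
    """LDAPMessage{messageID, extendedReq [APPLICATION 23]{requestName [0]}}."""
    ext_req = ber(0x77, ber(0x80, STARTTLS_OID))
    return ber(0x30, ber(0x02, bytes([message_id])) + ext_req)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the short-form TLV at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated TLV")
    return buf[pos], buf[pos + 2:end], end

def starttls_result(response):
    """Return resultCode from an ExtendedResponse [APPLICATION 24]."""
    tag, body, _ = read_tlv(response, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage (TLS record or junk?)")
    _, _, pos = read_tlv(body, 0)            # skip messageID
    tag, ext, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    tag, code, _ = read_tlv(ext, 0)          # resultCode ENUMERATED
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def first_bytes_kind(data):
    """Classify what a listener receives first from a client."""
    kinds = {0x16: "tls-handshake", 0x30: "cleartext-ldap"}
    return kinds.get(data[0], "unknown") if data else "unknown"
```

A `resultCode` of 0 means the TLS handshake follows on the same connection; a client should treat any other value as a failed upgrade and not send a bind over that connection.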