Hi,

On Thursday, 6. September 2012, tBM wrote:
> Which is better to use for secure ldap?
>
> Net::LDAP
> Net::LDAPS
>
> Looks like Net::LDAP sees more updates than Net::LDAPS

The fact that Net::LDAPS sees fewer updates than Net::LDAP can be explained very easily: Net::LDAPS is a very small subclass of Net::LDAP, and relies for all of its function on Net::LDAP. Hence almost all improvements for Net::LDAP help Net::LDAPS too.

To answer your question: Net::LDAP alone is not secure, it transfers everything in clear text. To make it secure, you need to call the start_tls() method, which switches the established connection on port 389 to TLS. Ideally you do this before you call bind(), otherwise you transfer your credentials in the clear ;-)
This is the way secure transfer has been standardized in LDAPv3.

Net::LDAPS on the other hand implements the non-standardized, but widely used, SSL-encrypted connection to port 636.

My recommendation:
1) Net::LDAP + start_tls
2) Net::LDAPS [if 1) is not supported by the server]
3) Net::LDAP without TLS only for anonymous access

Best
Peter

--
Peter Marschall
pe...@adpm.de