Emmanuel Lécharny wrote:

> I would rather say: "why not use TLS in the first place?". There is
> no reason to expect the LDAP server to run locally, and there is no
> reason to expect your network not being hacked those days. Setting TLS
> is just a matter of common sense.

If there is a chance for the comms to get overheard by someone malicious, I'd
agree.

But there's a cost to TLS (time spent making it work, right here and now, also
CPU, memory, battery life etc) and any cert WILL expire and break comms at some
point unless you remember (in a few years probably) to renew them just in time.
All worth it if protection is needed, all wasted effort if both server and
client are bound to loopback exclusively.

But Serge already pointed out it all makes sense here, so nothing left to argue
about. :-)
