LDAPS is deprecated in favor of StartTLS+LDAP in a lot of products - IIRC because of security issues with LDAPS.
AD should support StartTLS + LDAP - is there a reason not to use that?
I’m checking with Security about this question. They did tell me that I should use “LDAPS://” to initiate the connection, but that doesn’t work; I get an invalid URL error.
Agree with Bill. We use ldap 389 and I've done Wireshark traces in the past and submitted them to security teams for review. It's all encrypted.
Well – start tls + ldap. Just ‘ldap’ won’t be encrypted. The port that gets used is irrelevant.
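What "LDAP + StartTLS on 389" means on the wire, as an added example that is not code from anyone in this thread: the client sends one plaintext LDAP ExtendedRequest (the only thing a Wireshark trace should show in the clear), and every later operation rides inside TLS. Assumed here: the host name, a response that fits one read, and Python's default SSL context for certificate and hostname validation.

```python
import socket, ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS extended operation

def _ber_len(n):                            # BER length, short or long form
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _read_len(buf, i):
    """Decode the BER length at buf[i]; return (length, index of first content byte)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def build_starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    name = b"\x80" + _ber_len(len(STARTTLS_OID)) + STARTTLS_OID  # [0] requestName
    ext_req = b"\x77" + _ber_len(len(name)) + name                # [APPLICATION 23]
    body = b"\x02\x01" + bytes([message_id]) + ext_req            # INTEGER messageID (< 128)
    return b"\x30" + _ber_len(len(body)) + body                   # SEQUENCE

def parse_result_code(msg):
    """Return resultCode from an LDAPMessage carrying an ExtendedResponse; 0 means success."""
    if msg[0] != 0x30:
        raise ValueError("not an LDAPMessage")
    _, i = _read_len(msg, 1)
    if msg[i] != 0x02:
        raise ValueError("missing messageID")
    n, i = _read_len(msg, i + 1)
    i += n
    if msg[i] != 0x78:                      # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    _, i = _read_len(msg, i + 1)
    if msg[i] != 0x0A:                      # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    n, i = _read_len(msg, i + 1)
    return int.from_bytes(msg[i:i + n], "big")

def starttls_connect(host, port=389, timeout=5):
    """Plain TCP to 389, StartTLS extended op in the clear, then TLS with cert+hostname checks."""
    sock = socket.create_connection((host, port), timeout=timeout)
    sock.sendall(build_starttls_request())
    code = parse_result_code(sock.recv(4096))   # assumption: whole response in one read
    if code != 0:
        sock.close()
        raise RuntimeError(f"server refused StartTLS, resultCode={code}")
    ctx = ssl.create_default_context()      # verifies the server certificate chain and hostname
    return ctx.wrap_socket(sock, server_hostname=host)  # bind/search only after this point
```

A server that answers the extended operation with a non-zero resultCode leaves the socket in plaintext, which is why the connect helper refuses to continue instead of binding anyway.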