Encrypted LDAP Connections
The LDAP Session Provider supports three methods of connecting to the LDAP server: No encryption, StartTLS, and LDAPS. The StartTLS and LDAPS methods allow the password to be sent securely. Both of these use the SSL/TLS protocol to secure the transmission. The main difference is that LDAPS encrypts the entire conversation while StartTLS only encrypts the transmission of sensitive data (such as the password). This means that StartTLS is much faster and less demanding of resources. For those reasons, it is the default setting for a new connection.
Note that the LDAP server itself must be configured for secure connections in order for StartTLS and LDAPS to work.
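The three methods can be told apart by the first bytes a client sends, which gives a way to confirm that a connection really uses the method it was configured for. The following is an added example, not code from the LDAP Session Provider; the sample messages, bind DN, and password are constructed, and the function names are illustrative.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # LDAP StartTLS extended operation

def ber(tag, body):                          # encode one BER tag-length-value element
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, pos=0):
    """Decode the element at buf[pos]; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form length
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def classify(first):
    """Return (method, password_visible) for a connection's first client bytes."""
    if first[:2] == b"\x16\x03":             # TLS handshake record: LDAPS
        return "LDAPS", False
    try:
        tag, msg, _ = read_tlv(first)        # LDAPMessage SEQUENCE
        if tag != 0x30:
            return "unknown", False
        _, _, pos = read_tlv(msg)            # messageID
        op_tag, op, _ = read_tlv(msg, pos)   # protocolOp
        if op_tag == 0x77:                   # ExtendedRequest
            name_tag, name, _ = read_tlv(op)
            if name_tag == 0x80 and name == STARTTLS_OID:
                return "StartTLS", False
        if op_tag == 0x60:                   # BindRequest
            _, _, p = read_tlv(op)           # version
            _, _, p = read_tlv(op, p)        # bind DN
            auth_tag, cred, _ = read_tlv(op, p)
            return "No encryption", auth_tag == 0x80 and len(cred) > 0
        return "No encryption", False
    except (IndexError, ValueError):
        return "unknown", False

# Constructed sample messages (not captured traffic).
STARTTLS_MSG = ber(0x30, ber(0x02, b"\x01") + ber(0x77, ber(0x80, STARTTLS_OID)))
BIND_MSG = ber(0x30, ber(0x02, b"\x01") + ber(0x60, ber(0x02, b"\x03")
           + ber(0x04, b"cn=svc,dc=example,dc=com") + ber(0x80, b"constructed-password")))
TLS_HELLO = bytes.fromhex("16030100050100000103")   # start of a TLS handshake record
```

A result of `("No encryption", True)` means a simple bind password crossed the network in the clear; a `StartTLS` result should be followed by a TLS handshake on the same connection before any bind.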