mozilla / vinz-clortho

INACTIVE - http://mzl.la/ghe-archive - BrowserID Keymaster for LDAP enabled Identity Providers

Does Vinz Clortho support STARTTLS? #8

Closed fmarier closed 11 years ago

fmarier commented 11 years ago

A friend of mine who knows a lot about LDAP said this:

"The config interface exposes this:

exports.ldap_server_url = 'ldaps://addressbook.mozilla.com:636';

Running an LDAP server on SSL port 636 is discouraged and people are urged to use 389 with STARTTLS."

ozten commented 11 years ago

Off hand, I'm not sure.

This is config, so ops can use either ldap or ldaps, which connects over SSL to 636 per the LDAPv2 spec (not via Start TLS).

Totally open to other patches, but we should circle back with Mozilla IT to make sure we meet their setup at a minimum. I believe the current code and config works with their setup.

Not sure what the status of Start TLS is with the ldapjs library.

vmunix commented 11 years ago

I'd pretty strongly disagree with the statement "SSL on port 636 is discouraged and people are urged to use 389 with STARTTLS". In fact, I'd say the opposite (just use SSL to 636) is true in the wild, in my experience at least.

Regardless, I know for sure ldapjs does not support STARTTLS.

fmarier commented 11 years ago

If ldapjs doesn't support it then I guess we can close this issue.