And just to add a real world example. If you use one of the dependent packages (apache, exim, squid, samaba, php, postress etc.) and use LDAP for your auth, then the SSL is worthless and anyone with access to the network can intercept and recover the credentials in the request/response.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835181 Title: OpenLDAP LDAP_OPT_X_TLS_REQUIRE_CERT handling differences between ldaps:// and ldap:// with STARTTLS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1835181/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
