Login.config vs. attribute-resolve.xml?
Chad La Joie
lajoie at shibboleth.net
Mon Jun 4 19:48:46 BST 2012
On 6/4/12 2:36 PM, Nate Klingenstein wrote:
> The connection overhead is the primary objection to the use of LDAPS.
> If the IdP and the directory are communicating over a truly
> private/protected network, then adding LDAPS on top of that is extra
> overhead for limited benefit.
There isn't much overhead in the attribute resolver if you turn on
connection pooling.
> In all other situations(e.g. most of them), I think the use of
> LDAPS/STARTTLS is advisable.
Indeed. Not doing so would be very careless.
More information about the users
mailing list