SSL and TLS provide similar functionality, so you do not need to use both methods. However, it can be beneficial to have both forms of protection configured on the same system.
Sites that use SSL protection can also configure TLS protection as a backup, in case the LdapServerName property is accidentally configured to contain a non-SSL URL. For example:
- You can configure the LdapServerName property using an _ldaps._tcp or _gcs._tcp URL scheme to automatically enable SSL protection.
- You can also set LdapClientUseTls=yes to enable TLS protection. As long as an _ldaps._tcp or _gcs._tcp URL scheme is in force for the LdapServerName property, TDGSS ignores the setting of the LdapClientUseTls property, and continues to use the SSL protection specified in the LdapServerName property.
- If someone accidentally changes the LdapServerName configuration to _ldap._tcp or _gc._tcp, which disables the SSL protection, the system automatically uses the LdapClientUseTls=yes setting to maintain protection, using TLS.
See LdapServerName.
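The following added example (not Teradata code) applies the rules above to a set of property values and reports which protection is in effect, including the case where SSL is in force but no TLS backup is set. It assumes the values have already been read into a dict and that LdapServerName has the form `<scheme>://<name>`; the function names and host names are hypothetical.

```python
# Added illustration, not Teradata code. Assumes the property values have
# already been read from the TDGSS configuration into a dict, and that
# LdapServerName has the form "<scheme>://<name>" (an assumption).

SSL_SCHEMES = {"_ldaps._tcp", "_gcs._tcp"}   # schemes that enable SSL
PLAIN_SCHEMES = {"_ldap._tcp", "_gc._tcp"}   # schemes that disable SSL


def _tls_requested(props):
    return props.get("LdapClientUseTls", "").strip().lower() == "yes"


def effective_protection(props):
    """Return 'SSL', 'TLS', 'NONE' or 'UNKNOWN' for one set of property values."""
    scheme = props.get("LdapServerName", "").strip().split("://", 1)[0].lower()
    if scheme in SSL_SCHEMES:
        return "SSL"                     # LdapClientUseTls is ignored in this case
    if scheme in PLAIN_SCHEMES:
        return "TLS" if _tls_requested(props) else "NONE"
    return "UNKNOWN"                     # scheme not covered by this section


def audit(props):
    """Return a list of findings; an empty list means SSL with a TLS backup."""
    state = effective_protection(props)
    if state == "NONE":
        return ["non-SSL scheme and LdapClientUseTls is not yes: no protection"]
    if state == "TLS":
        return ["SSL is disabled by the URL scheme; the TLS backup is in use"]
    if state == "SSL" and not _tls_requested(props):
        return ["SSL is in force but no TLS backup is set"]
    if state == "UNKNOWN":
        return ["LdapServerName scheme is not one of the four named in this section"]
    return []


# Constructed sample configurations; host names are placeholders.
SAMPLES = {
    "ssl with backup": {"LdapServerName": "_ldaps._tcp://corp.example", "LdapClientUseTls": "yes"},
    "scheme changed":  {"LdapServerName": "_ldap._tcp://corp.example", "LdapClientUseTls": "yes"},
    "ssl, no backup":  {"LdapServerName": "_gcs._tcp://corp.example"},
    "unprotected":     {"LdapServerName": "_gc._tcp://corp.example", "LdapClientUseTls": "no"},
}

if __name__ == "__main__":
    for name, props in SAMPLES.items():
        print(f"{name}: {effective_protection(props)} {audit(props)}")
```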