On 01/26/2013 07:09 AM, povder wrote: > Is there a way to force Kerberos to use StartTLS? Not at the moment. We have a pending patch to add SASL support to our LDAP KDB module, which also adds starttls support, but it needs some work. You can use SSL (on a separate port, typically 636) using an ldaps: URI.