The reason why I (think I) need both is that many third-party apps on the server (PHP applications typically) do not easily manage StartTLS. Meanwhile, having two different ports makes it easier to manage via iptables.
You can also use StartTLS over the network and LDAPI (connection over Unix sockets, which are inherently secure) for apps running on the server. I use it, both with OpenLDAP and 389 Directory Server (a.k.a. Fedora DS, Red Hat DS).
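
The split described in the reply (StartTLS for network clients, LDAPI for apps on the server) can be checked per client with a short script. This is an added example, not code from either poster or from OpenLDAP or 389 Directory Server; the client names, the host `ldap.example.org` and the socket path are constructed assumptions.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample: (client name, LDAP URI, StartTLS enabled in the client).
# All names, hosts and the socket path are assumptions for illustration.
SAMPLE_CLIENTS = [
    ("php-webmail", "ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi", False),
    ("remote-sync", "ldap://ldap.example.org", True),
    ("legacy-app", "ldap://ldap.example.org:389", False),
    ("old-client", "ldaps://ldap.example.org", False),
]

def classify(uri, starttls=False):
    """Return (transport, protected, endpoint) for one LDAP client URI.

    'protected' means the traffic does not cross TCP in cleartext.
    """
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme == "ldapi":
        # The socket path is percent-encoded into the host part of the URI;
        # an empty host means the client library's default socket.
        # The connection never leaves the host, and access is governed by
        # filesystem permissions on the socket.
        path = unquote(parts.netloc) or "<library default socket>"
        return ("unix-socket", True, path)
    if scheme == "ldaps":
        return ("tls-on-connect", True, f"{parts.hostname}:{parts.port or 636}")
    if scheme == "ldap":
        endpoint = f"{parts.hostname or 'localhost'}:{parts.port or 389}"
        if starttls:
            return ("starttls", True, endpoint)
        return ("cleartext", False, endpoint)
    raise ValueError(f"not an LDAP URI: {uri!r}")

def audit(clients):
    """Names of clients whose traffic would cross TCP without TLS."""
    return [name for name, uri, tls in clients if not classify(uri, tls)[1]]

if __name__ == "__main__":
    for name, uri, tls in SAMPLE_CLIENTS:
        print(name, classify(uri, tls))
    print("unprotected:", audit(SAMPLE_CLIENTS))
```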