Thread:Extension talk:LDAP Authentication/SSL Help/reply (3)

There are two connections occuring here:

Browser -> web server (HTTPS) web server -> LDAP server (LDAP)

The first connection is encrypted, the second is not. This means anything sent between the web server and the LDAP server can be sniffed, defeating the point of having HTTPS.