LDAPS is used among security folks and developers pretty indiscriminately. The general gist is that the LDAP connection is encrypted between the client and server via SSL/TLS – with a lot of hand waving involved. But there is actually a slight difference in how SSL and TLS are negotiated over LDAP. TLS can be negotiated over the standard 389 port, rather than the 636 port we normally associate with SSL connections – although for the sake of convention, it’s generally done over port 636 as well.

LDAPS comes from LDAPv2 (retired in 2003) where the SSL negotiation takes place before any commands are sent from the client to the server. With a TLS connection, the connection is negotiated (non-encrypted) before any commands are sent – but the first command is StartTLS, which tells the server to renegotiate the connection, but this time, use TLS for encryption and authentication.

Despite these protocols being technically different, the general usage of the term LDAPS implies at least one of the methods.