>>Trustin, wouldn't StartTLS be a part of the LDAP protocol impl rather
>>than a MINA filter? I'm talking about the command impl, not the actual
>>TLS handshake/encryption/decryption. For this we already have the
>>SSLFilter.

To implement StartTLS you need to do two things:

1. Decode the LDAP extended operation.
2. Tell the network I/O layer to install SSL/TLS on the connection and initiate its handshake.

The existing filter should be fine, as long as the code that sees the extended operation has the ability to install the filter (and as long as filters can be installed on-the-fly on a connection that is already open).
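
The two steps from the reply above, shown as an added Python example (not code from this thread or from MINA): a minimal BER decoder that recognises the StartTLS ExtendedRequest, and a handler that installs a TLS filter on a connection that is already open. The handler name `on_message`, the list-of-names filter chain and the sample messages are assumptions constructed for illustration.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS requestName, RFC 4511 section 4.14.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER element with a definite length."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_extended_request(pdu):
    """Step 1: return (message_id, request_name) for an ExtendedRequest, else None."""
    tag, body, _ = read_tlv(pdu, 0)
    if tag != 0x30:  # LDAPMessage is a SEQUENCE
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(body, 0)
    if tag != 0x02:  # messageID is an INTEGER
        raise ValueError("messageID missing")
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x77:  # [APPLICATION 23] ExtendedRequest
        return None
    name_tag, name, _ = read_tlv(op, 0)
    if name_tag != 0x80:  # [0] requestName
        raise ValueError("requestName missing")
    return int.from_bytes(mid, "big", signed=True), name

def on_message(pdu, filter_chain):
    """Step 2 (hypothetical handler): put a 'tls' filter at the head of an open
    connection's chain; filter_chain is a plain list standing in for the I/O layer."""
    req = decode_extended_request(pdu)
    if req and req[1] == STARTTLS_OID and "tls" not in filter_chain:
        filter_chain.insert(0, "tls")
        return True
    return False

# Constructed sample messages: StartTLS request (messageID 1), simple bind (messageID 2).
STARTTLS_REQ = bytes.fromhex("301d02010177188016") + STARTTLS_OID
BIND_REQ = bytes.fromhex("300c020102600702010304008000")
```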