Mark ApacheDS classes for removal

Closes gh-13851

docs/modules/ROOT/nav.adoc

@@ -4,6 +4,7 @@
 * xref:whats-new.adoc[What's New]
 * xref:migration-7/index.adoc[Preparing for 7.0]
 ** xref:migration-7/configuration.adoc[Configuration]
+** xref:migration-7/ldap.adoc[LDAP]
 * xref:migration/index.adoc[Migrating to 6.2]
 ** xref:migration/authorization.adoc[Authorization Changes]
 * xref:getting-spring-security.adoc[Getting Spring Security]

docs/modules/ROOT/pages/migration-7/ldap.adoc

@@ -0,0 +1,11 @@
+= LDAP Migrations
+
+The following steps relate to changes around how to configure the LDAP components and how to use an embedded LDAP server.
+
+== Use `UnboundId` instead of `ApacheDS`
+
+ApacheDS has not had a GA release for a considerable period, and its classes in Spring Security were https://github.com/spring-projects/spring-security/pull/6376[deprecated in version 5.2].
+Consequently, support for ApacheDS will be discontinued in version 7.0.
+
+If you are currently using ApacheDS as an embedded LDAP server, we recommend migrating to https://ldap.com/unboundid-ldap-sdk-for-java/[UnboundId].
+You can find instructions in xref:servlet/authentication/passwords/ldap.adoc#servlet-authentication-ldap-embedded[this section] that describe how to set up an embedded UnboundId LDAP server.

ldap/src/main/java/org/springframework/security/ldap/server/ApacheDSContainer.java

@@ -73,10 +73,10 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  * @author Gunnar Hillert
  * @author Evgeniy Cheban
- * @deprecated Use {@link UnboundIdContainer} instead because ApacheDS 1.x is no longer
+ * @deprecated For removal in 7.0. Use {@link UnboundIdContainer} instead because ApacheDS 1.x is no longer
  * supported with no GA version to replace it.
  */
-@Deprecated
+@Deprecated(since = "5.2", forRemoval = true)
 public class ApacheDSContainer
 		implements EmbeddedLdapServerContainer, InitializingBean, DisposableBean, Lifecycle, ApplicationContextAware {