Jeronimo Zucco writes: > Is it possible one ACL that just allow bind for auth with SSL or > TLS, but simple queries are allowed in plain ?
Yes, access to attrs=userPassword by ... ssf=(for example)128 auth" in slapd.conf. However, it gives a poor error message when a user does try to Bind with his password in cleartext. Use "security simple_bind=(for example)128" instead. And sasl-secprops if you use SASL Bind. You may also want to increase "localssf" to the security factor you use, so ldapi:// connections can Bind without TLS. -- Hallvard
