Full_Name: Andreas Hasenack Version: 2.3.36 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (200.140.247.98)

This is an enhancement request.

It would be helpfull if there were some configuration option for /etc/openldap/ldap.conf to mimic the -ZZ command line, that is, behave as if the user added -ZZ to it. Perhaps something along the lines of the sasl secprops, or the server's "security" keyword.

My scenario is that it doesn't matter if I block clear text communication with the ldap server via ACL or security: if the client initiates a simple bind operation in clear text, the password is exposed even if the server rejects the operation.

The point here is to avoid accidents, like leaving out the -ZZ option when doing command line operations. It would be like an initial default. It also saves typing, of course ;)

I can easily workaround this with shell aliases, or wrapper scripts, of course. That's why this is an enhancement request.