Full_Name: Michele Codutti
Version: 2.3
OS: Linux/Debian
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (158.110.7.132)
Recently I needed to implement a clustered OpenLDAP system using the syncrepl replication method. Every node has two interfaces: one public (let's say eth0) and one connected to a private subnet (let's say eth1). What I want is to impose SSL/TLS-only connections on eth0 and allow unencrypted connections on eth1. I want this because it is useless to encrypt syncrepl traffic through the private (dedicated and secured) subnet.

I haven't found any directive that does what I want. In the end I implemented a solution suggested by Pierangelo Masarati: I imposed TLS/SSL with these ACLs:

    access to *
        by sockurl="ldap://$PUBLIC_NAME" ssf=128 break
        by sockurl="ldap://$PUBLIC_NAME" stop
        by sockurl="ldaps://$PUBLIC_NAME" ssf=128 break
        by sockurl="ldaps://$PUBLIC_NAME" stop
        by * break

Pierangelo also suggested that I write an ITS to ask for a specific directive to do this more naturally. So here I am. Could it be done?
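To show why the ACL above has the intended effect, here is an added example (not OpenLDAP code and not part of the original report) that models the relevant part of slapd's ACL evaluation: the first matching "by" clause wins, an omitted access level means "none", "stop" (the default control) ends evaluation, and "break" carries the clause's access on to the next "access to" directive. The listener names, the trailing "access to * by * read" directive standing in for whatever ACLs follow, and the sample connections are all constructed for the illustration; the model ignores "<what>" matching and assumes the default regex style for sockurl.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

PUBLIC_NAME = "ldap.example.org"   # placeholder for $PUBLIC_NAME in the report
PRIVATE_ADDR = "10.0.0.1"          # placeholder address of the private-subnet listener


@dataclass
class Conn:
    sockurl: str   # listener URL the client connected to (one of slapd's -h URLs)
    ssf: int       # security strength factor of the session (0 = cleartext)


@dataclass
class By:
    """One 'by <who> [<access>] [<control>]' clause."""
    sockurl: Optional[str] = None   # None stands for 'by *'
    min_ssf: int = 0                # 'ssf=N' means the session ssf must be >= N
    access: str = "none"            # slapd's default when the access level is omitted
    control: str = "stop"           # 'stop' (default) or 'break'

    def matches(self, c: Conn) -> bool:
        # sockurl=<regex> is matched against the listener URL (regex style assumed here)
        url_ok = self.sockurl is None or re.search(self.sockurl, c.sockurl) is not None
        return url_ok and c.ssf >= self.min_ssf


@dataclass
class Access:
    """One 'access to <what>' directive (the <what> part is not modelled)."""
    clauses: List[By] = field(default_factory=list)


def evaluate(directives: List[Access], conn: Conn) -> str:
    """Return the access level the connection ends up with."""
    granted = "none"
    for d in directives:
        for by in d.clauses:
            if by.matches(conn):
                granted = by.access
                if by.control == "stop":
                    return granted
                break            # 'break': move on to the next access directive
        else:
            return "none"        # no clause matched: slapd's implicit 'by * none'
    return granted


# The ACL from the report, transcribed clause by clause.
TLS_ONLY_ON_PUBLIC = Access([
    By(f"ldap://{PUBLIC_NAME}", min_ssf=128, control="break"),
    By(f"ldap://{PUBLIC_NAME}"),                       # cleartext on eth0: denied, stop
    By(f"ldaps://{PUBLIC_NAME}", min_ssf=128, control="break"),
    By(f"ldaps://{PUBLIC_NAME}"),                      # weak ldaps on eth0: denied, stop
    By(control="break"),                               # everything else (eth1) falls through
])

# Stand-in for the real ACLs that follow in slapd.conf (constructed for this example).
ALLOW_READ = Access([By(access="read")])

POLICY = [TLS_ONLY_ON_PUBLIC, ALLOW_READ]


def decide(conn: Conn) -> str:
    return evaluate(POLICY, conn)


if __name__ == "__main__":
    samples = [
        Conn(f"ldap://{PUBLIC_NAME}", 0),      # cleartext on the public interface
        Conn(f"ldap://{PUBLIC_NAME}", 256),    # StartTLS with a strong cipher
        Conn(f"ldaps://{PUBLIC_NAME}", 256),   # ldaps with a strong cipher
        Conn(f"ldaps://{PUBLIC_NAME}", 56),    # ldaps negotiated below ssf 128
        Conn(f"ldap://{PRIVATE_ADDR}", 0),     # cleartext syncrepl on the private subnet
    ]
    for s in samples:
        print(f"{s.sockurl:<28} ssf={s.ssf:<4} -> {decide(s)}")
```

Running it shows that only cleartext (or sub-128 ssf) sessions on the public listener are stopped with no access, while sessions on the private listener pass through "by * break" untouched and are decided by the ACLs that follow. The same check can be made against a real server by comparing an ldapsearch with and without -ZZ on each interface, provided the ACL is placed before the ACLs that grant access.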