Jeronimo Zucco writes:
Is it possible one ACL that just allow bind for auth with SSL or
TLS, but simple queries are allowed in plain ?
Yes, access to attrs=userPassword by ... ssf=(for example)128 auth" in slapd.conf. However, it gives a poor error message when a user does try to Bind with his password in cleartext.
Use "security simple_bind=(for example)128" instead. And sasl-secprops if you use SASL Bind. You may also want to increase "localssf" to the security factor you use, so ldapi:// connections can Bind without TLS.