On Wed, 1 Dec 2010, Christian Bösch wrote:
- start slapd and check with ldapsearch that that ssf= value actually is
present in cn=config
as i expect: olcSecurity: ssf=0 tls=0 simple_bind=0 update_ssf=0
- verify that you're getting behavior that matches what cn=config says
now i'm getting Confidentiality required (13) for all binds, also for the excluded ips in the ACL that is not as it should be.
No, doesn't sound like it is. Are you verifying this with a current version (2.4.23 or RE24/HEAD CVS)? If so, this is probably worthy of an ITS (http://www.openldap.org/its/).