Re: Q: different SSF settings for ldapi:// than for ldap:

Ulrich Windl wrote:

I've configured slapd to require excryption (confidentiality).

You did not post relevant configuration details.

Now connections via ldapi:// fail with "13 Confidentiality required". When adding "-ZZ" for ldapsearch (e.g.), the connection fails, because the certificate does not match ldapi:// (I asked about that before, but got no answer). How can I configure slapd not to require confidentiality?

Obviously using TLS over ldapi:// does not make sense.

I have this in my config:

# SSF value for ldapi:// localSSF 256 # minimum required SSF value (security strength factor) security ssf=128

See slapd.conf(5) for details.

Ciao, Michael.