On Wed, 1 Dec 2010, Christian Bösch wrote:
> Yes, that's clear. The above model with global ssf=0 and ACLs for exceptions is working fine as long as I don't restart the slapd. If I restart slapd, encryption is also required for the defined IPs in the ACL. Then I have to change the global ssf value to something and then back to ssf=0 and it works again! I wanted to know why this strange behaviour happens?
Maybe trace out where you start and where you're going:
* stop slapd, check with slapcat -n 0 what your initial ssf= value is
* start slapd and check with ldapsearch that that ssf= value actually is present in cn=config
* verify that you're getting behavior that matches what cn=config says
* do your ldapmodify to ssf=1, ldapsearch cn=config to verify, verify behavior
* do your ldapmodify to ssf=0, ldapsearch cn=config to verify, verify behavior
Which of these work as expected? Which don't?
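
The comparison step of the trace above, as an added example that is not part of the original message: it extracts the global ssf= value from `slapcat -n 0` or `ldapsearch` output so the on-disk and live values can be compared after each step. It assumes the global setting is stored as `olcSecurity` on the `cn=config` entry and that the admin binds with SASL EXTERNAL over ldapi; the function names and sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the ssf= value stored on disk with the one slapd serves.
# Assumption: the global setting is olcSecurity on the cn=config entry.

# Read LDIF on stdin (slapcat -n 0 or ldapsearch output) and print the ssf=
# value of olcSecurity on the cn=config entry only; print "unset" if absent.
ssf_from_ldif() {
    awk '
        /^dn: / { in_cfg = (tolower($0) == "dn: cn=config") }
        /^$/    { in_cfg = 0 }
        in_cfg && tolower($1) == "olcsecurity:" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ssf=/) { sub(/^ssf=/, "", $i); v = $i }
        }
        END { print (v == "" ? "unset" : v) }
    '
}

# Report whether the value expected at a step matches the one observed.
check_step() {  # usage: check_step LABEL EXPECTED ACTUAL
    if [ "$2" = "$3" ]; then
        echo "$1: ok (ssf=$3)"
    else
        echo "$1: MISMATCH expected ssf=$2, got ssf=$3"
        return 1
    fi
}

# Constructed sample: config database as dumped with slapd stopped.
# The per-database olcSecurity must not be mistaken for the global one.
SAMPLE_DISK='dn: cn=config
objectClass: olcGlobal
cn: config
olcSecurity: ssf=0

dn: olcDatabase={1}hdb,cn=config
olcSecurity: ssf=128'

# Constructed sample: what a running slapd might return for cn=config.
SAMPLE_LIVE='dn: cn=config
olcSecurity: ssf=1'

disk=$(printf '%s\n' "$SAMPLE_DISK" | ssf_from_ldif)
live=$(printf '%s\n' "$SAMPLE_LIVE" | ssf_from_ldif)
check_step "after restart" "$disk" "$live" || true

# Live use on the server (bind method is an assumption):
#   disk=$(slapcat -n 0 | ssf_from_ldif)
#   live=$(ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config -s base olcSecurity | ssf_from_ldif)
```

If the two values agree at every step but the server's behavior still differs after a restart, the discrepancy is in how slapd applies the setting at startup rather than in what cn=config stores.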