On Wed, 1 Dec 2010, Christian Bösch wrote:
yes thats clear.
the above model with global ssf=0 and acls for exceptions is working fine as long i
don't restart the slapd.
if i restart slapd, encryption is also required for the defined ips in the acl. then i
have to change the global ssf value to something and then
back to ssf=0 and it works again!
i wanted to know why this strange behaviour happens?
Maybe trace out where you start and where you're going:
* stop slapd, check with slapcat -n 0 what your initial ssf= value is
* start slapd and check with ldapsearch that that ssf= value actually is
present in cn=config
* verify that you're getting behavior that matches what cn=config says
* do your ldapmodify to ssf=1, ldapsearch cn=config to verify, verify
* do your ldapmodify to ssf=0, ldapsearch cn=config to verify, verify
Which of these work as expected? Which don't?