Sir/Madam: I successfully set up TLS on both openldap server and client through port 389 on ubuntu. I didn't use SSL through port 636. However, I found non encrypted/clear text connections can be made through port 389 to the openldap server as well. How can I enforce TLS connection only and reject any non encrypted connections? Should I use olcAccess or olcSecurity? or both? I couldn't find any detailed steps/documentation about it. Please note, I am not use slapd.conf which is for older version of openldap. Thanks a lot! Yan Thanks a lot! Yan