Ulrich Windl wrote:

Isn't the SSF strength for ldapi:// zero?

The SSF strength of ldapi:// is whatever you set with configuration directive localSSF. It's your local security policy decision.

Personally on my systems I don't see any problem with setting it to an equal strength like a strongly encrypted TLS connection. YMMV.

Ciao, Michael.