On Wed, 1 Dec 2010, Christian Bösch wrote:
* start slapd and check with ldapsearch that that ssf= value actually is present in cn=configas i expect: olcSecurity: ssf=0 tls=0 simple_bind=0 update_ssf=0* verify that you're getting behavior that matches what cn=config saysnow i'm getting Confidentiality required (13) for all binds, also for the excluded ips in the ACL that is not as it should be.
No, doesn't sound like it is. Are you verifying this with a current version (2.4.23 or RE24/HEAD CVS)? If so, this is probably worthy of an ITS (http://www.openldap.org/its/).