
Re: Force clients to use TLS using ACLs



--On Wednesday, December 21, 2011 4:11 PM -0500 Michael Starling <mlstarling31@hotmail.com> wrote:

My current real ACLs

10.3.5.205 is the IP address of the system on the loopback interface.
These settings still allow any system to connect without using TLS.
If I change the line in the last ACL to "by users read" then I can't
connect on the loopback anymore. What am I doing wrong?

The example you used was bad to start with. I suggest reading the slapd.access man page, where the meaning of "break" is clearly described. The ACL as written will never do what you want. Based on how your ACLs are written, I'd suggest fully reading the entire slapd.access man page, as there's definitely some reworking of your ACLs that would make things more clearly defined in behavior as well for anyone else who may have to ever read them. ;)


--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
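
An added illustration, not part of the original thread and not the poster's ACLs (which are not reproduced on this page): a slapd.conf sketch of how `break` can gate later clauses on TLS while exempting 10.3.5.205. The 128-bit threshold and the `userPassword` clause are assumptions chosen for the example.

```conf
# slapd.access(5): each "by" line ends with a control.
#   stop     (default) first matching "by" wins, evaluation ends
#   continue keep checking later "by" lines in the SAME access clause
#   break    leave this clause and go on to the NEXT access clause
#            that matches the same target
#
# Gate clause: it matches every entry and attribute, so it is
# evaluated first for every request.
access to *
    # Requests from the host's own address (value from the thread)
    # fall through to the clauses below, TLS or not.
    by peername.ip=10.3.5.205 break
    # Any other client falls through only if the connection carries
    # TLS with a security strength factor of at least 128.
    by tls_ssf=128 break
    # Everyone else stops here with no access at all. Without this
    # clause being first, a later "by users read" would grant access
    # regardless of TLS.
    by * none

# Normal policy; only reached by requests that passed the gate.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

access to *
    by users read
    by * none

# Caveat: ACLs are evaluated after the server has received the
# request, so a simple bind sent without TLS is refused only after
# the password has already crossed the wire in clear text. Clients
# must be configured to start TLS themselves.
```

Because a non-TLS remote client is denied `auth` on `userPassword` by the gate clause, its simple bind fails; `ldapwhoami -x -ZZ` from a remote host against the same server should succeed once TLS is negotiated.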