[Date Prev][Date Next] [Chronological] [Thread] [Top]

force TLS and rootdn

I want to force clients to use TLS except on the IPv4 loopback interface.
As suggested by Aaron I have the following ACL as the very first one
# first, make sure TLS or localhost
access to *
        by tls_ssf=1 none break
        by peername.ip="" none break
        by * none
followed by my "real" ACLs.

Everything is working as expected but I've just noticed that I can
bind to the server with my rootdn in cleartext.
Is this expected? Is there a way to prevent this?