Sævaldur Arnar Gunnarsson wrote:
Bottom line, how do I disable the security check that demands TLS/SSL
connection in order to change passwords ?
You can't, without editing the source code that is.
RFC3062 says:
4. Security Considerations
This operation is used to modify user passwords. The operation
itself does not provide any security protection to ensure integrity
and/or confidentiality of the information. Use of this operation is
strongly discouraged when privacy protections are not in place to
guarantee confidentiality and may result in the disclosure of the
password to unauthorized parties. This extension MUST be used with
confidentiality protection, such as Start TLS [RFC 2830]. The NULL
cipher suite MUST NOT be used.
There was a hack put in during development that allowed sanity to be
preserved while debugging the feature, by disabling the requirement for
SSL. You could flip that on and recompile. See here:
http://cvs.fedora.redhat.com/lxr/dirsec/source/ldapserver/ldap/servers/sl...