S?valdur Arnar Gunnarsson wrote: >Bottom line, how do I disable the security check that demands TLS/SSL >connection in order to change passwords ? > > You can't, without editing the source code that is. RFC3062 says: 4. Security Considerations This operation is used to modify user passwords. The operation itself does not provide any security protection to ensure integrity and/or confidentiality of the information. Use of this operation is strongly discouraged when privacy protections are not in place to guarantee confidentiality and may result in the disclosure of the password to unauthorized parties. This extension MUST be used with confidentiality protection, such as Start TLS [RFC 2830]. The NULL cipher suite MUST NOT be used. There was a hack put in during development that allowed sanity to be preserved while debugging the feature, by disabling the requirement for SSL. You could flip that on and recompile. See here: http://cvs.fedora.redhat.com/lxr/dirsec/source/ldapserver/ldap/servers/slapd/passwd_extop.c#63
