Closed
Description
When LDAP_ENFORCE_TLS is enabled, the olcSecurity is set to tls=1, which effectively disables the ldapi:/// protocol (since it's not TLS). This means that all modifications to cn=config made after setting olcSecurity: tls=1 are silently ignored. The only way to see that stuff fails is to pass --loglevel debug.

This should be solved by adding olcLocalSSF: 128 in docker-openldap/image/service/slapd/assets/config/tls/tls-enforce-enable.ldif as per the slapd.conf man page. This should solve issues like #92 where it's impossible to change cn=config settings via ldapi:///
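
As an added example (not part of the original issue or the project's code), a small Python lint for the condition described above: it reads an LDIF for cn=config and reports when olcSecurity is set without the olcLocalSSF value the issue proposes. The BEFORE/AFTER samples are constructed and are not the real contents of tls-enforce-enable.ldif; the function names and the 128 threshold parameter are assumptions taken from the issue text.

```python
# Added example. BEFORE/AFTER are constructed samples, not the project's LDIF file.
BEFORE = """\
dn: cn=config
changetype: modify
add: olcSecurity
olcSecurity: tls=1
"""
AFTER = """\
dn: cn=config
changetype: modify
replace: olcLocalSSF
olcLocalSSF: 128
-
add: olcSecurity
olcSecurity: tls=1
"""
CHANGE_KEYWORDS = {"changetype", "add", "replace", "delete"}

def config_attrs(ldif_text):
    """Return {attribute: [values]} for the 'dn: cn=config' record only."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folding: leading space continues a line
        else:
            lines.append(raw)
    attrs, in_config = {}, False
    for line in lines:
        name, sep, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if not line.strip():
            in_config = False             # a blank line ends the record
        elif line.startswith("#") or not sep:
            continue                      # comments and "-" separators
        elif name == "dn":
            in_config = value.lower() == "cn=config"
        elif in_config and name not in CHANGE_KEYWORDS:
            attrs.setdefault(name, []).append(value)
    return attrs

def check(ldif_text, wanted_local_ssf=128):
    """Report olcSecurity set without the olcLocalSSF value the issue proposes."""
    attrs = config_attrs(ldif_text)
    security, local = attrs.get("olcsecurity"), attrs.get("olclocalssf")
    if security and (not local or int(local[-1]) < wanted_local_ssf):
        found = local[-1] if local else "absent"
        return ["olcSecurity: %s set, olcLocalSSF is %s (want >= %d)"
                % (security[-1], found, wanted_local_ssf)]
    return []
```

Running `check()` over the LDIF applied at container start gives a visible signal for a condition that otherwise only shows up with --loglevel debug.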