OpenLDAP security is based on strict ACLs, safe bind policies, and encrypted transport.

## Transport and Bind Policies

- Require StartTLS/LDAPS for external clients.
- Disable anonymous binds where not needed.
- Enforce strong password and bind DN policies.

## ACL and Replication Security

- Implement least-privilege ACLs per subtree.
- Protect syncrepl replication with TLS and credentials.
- Log access failures and schema modifications.
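
The transport, bind, ACL and syncrepl items above can be checked mechanically. The following is an added example, not code from the original page or from the OpenLDAP project: a heuristic audit of `slapd.conf`-style text. The two sample configurations are constructed, and the hostname, DNs and credential value in them are placeholders.

```python
import re

# Constructed samples in slapd.conf syntax; hostnames, DNs and credentials are placeholders.
WEAK = """\
access to * by * read
syncrepl rid=001 provider=ldap://ldap1.example.com searchbase="dc=example,dc=com"
  bindmethod=simple binddn="cn=repl,dc=example,dc=com" credentials=PLACEHOLDER
"""

HARDENED = """\
security ssf=128
disallow bind_anon
access to attrs=userPassword by self write by anonymous auth by * none
access to dn.subtree="ou=people,dc=example,dc=com" by self read by users read by * none
syncrepl rid=001 provider=ldap://ldap1.example.com searchbase="dc=example,dc=com"
  starttls=critical tls_reqcert=demand
  bindmethod=simple binddn="cn=repl,dc=example,dc=com" credentials=PLACEHOLDER
"""

def logical_lines(text):
    """Drop comments/blank lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(text):
    """Return finding IDs for the checklist items this heuristic can see."""
    low = [line.lower() for line in logical_lines(text)]
    findings = []
    # A 'security' directive sets the minimum strength factor clients must reach.
    if not any(re.match(r"security\s+.*\b(ssf|tls|simple_bind)=\d+", l) for l in low):
        findings.append("no-min-ssf")
    if not any(re.match(r"disallow\s+.*\bbind_anon\b", l) for l in low):
        findings.append("anonymous-bind-allowed")
    # Catch-all grant to everyone instead of per-subtree rules.
    if any(re.match(r"access\s+to\s+\*\s+by\s+\*\s+(read|write|manage)", l) for l in low):
        findings.append("world-readable-acl")
    # Replication must use ldaps:// or mandatory StartTLS.
    for l in low:
        if l.startswith("syncrepl") and not ("provider=ldaps://" in l or "starttls=critical" in l):
            findings.append("syncrepl-cleartext")
    return findings
```

The checks are string heuristics over a single file; they do not cover `cn=config` (LDIF) deployments, included files, or password policy.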