What is the main driver to prevent the use of clear-text communication?
Is it related to authorization, or just to preventing the exchange of plain-text passwords over the network?
Are you sure none of your client applications has any dependency on clear-text communication? For instance, many client apps access the LDAP schema (cn=schema) and/or the rootDSE entry anonymously over a clear-text channel. Forcing TLS might break such apps.
I would encourage you to have a look at the bind rules you can specify in access controls. You could restrict access to your data to SSL/TLS communication only, as described in Understanding the Oracle Unified Directory Access Control Model - 11g Release 2 (11.1.2), sections 9.4.8 and 9.4.9.
Network groups might help as well: You can classify incoming traffic based on authentication/encryption level. Then you can decide to expose directory content to secure connections only. Network groups are described at Understanding Oracle Unified Directory Concepts and Architecture - 11g Release 2 (11.1.2) and
Yet another solution would be to develop a custom OUD plugin using the public API to refuse any request performed on the LDAP port without TLS initiated. The plugin API is described at Oracle® Fusion Middleware Developer's Guide for Oracle Unified Directory 11g Release 2 (11.1.2) - Contents and Oracle Fusion Middleware Java API Reference for Oracle Unified Directory.
When closing a thread as answered, remember to mark the correct and helpful posts to make it easier for others to find them.
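As an added illustration of the bind-rule approach suggested above (this LDIF is not from the thread or from Oracle's documentation), here is an ACI that grants read access to a user suffix only when the connection's security strength factor is at least 128 bits, shown next to the permissive ACI it would replace. The suffix dc=example,dc=com, the ACI labels and the SSF threshold are constructed placeholders; pick the threshold that matches the cipher suites your OUD instance actually negotiates.

```ldif
# Added example, not the thread's or Oracle's own configuration.
# dc=example,dc=com, the acl labels and the SSF value are placeholders.

# BEFORE (weak): anyone, anonymous or not, can read the suffix over
# any connection, including a clear-text one on the LDAP port.
dn: dc=example,dc=com
changetype: modify
delete: aci
aci: (targetattr = "*")
  (version 3.0; acl "Anonymous read, any transport";
   allow (read,search,compare)
   userdn = "ldap:///anyone";)

# AFTER (hardened): only authenticated users, and only when the
# session is protected by at least 128 bits of encryption.
# "ssf" is the bind rule keyword that tests the negotiated
# security strength factor of the connection (0 on clear text).
dn: dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")
  (version 3.0; acl "Read only over TLS with SSF >= 128";
   allow (read,search,compare)
   userdn = "ldap:///all" and ssf >= 128;)
```

Two points worth checking before rolling this out. First, the ACI above targets the user suffix only, so the default access to the rootDSE and cn=schema is untouched, which keeps the clear-text schema readers mentioned earlier working. Second, use ssf rather than authmethod when the goal is "the session is encrypted": in this ACI dialect authmethod = "ssl" tests for client-certificate authentication, not merely for a TLS-protected transport. Verify the result by running the same search once over a clear-text bind and once over StartTLS or LDAPS and confirming that only the encrypted session returns entries.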
Thus far none of the applications I am working with require clear-text access, but you raise an interesting point, and keeping this option open for some pieces of the schema has merit. I will explore the idea of using bind rules to force ssl where needed at the data level. This sounds like the most flexible option that satisfies the need to enforce encryption on certain datasets without compromising functionality.