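I ran slapd as root, and I still have the same problem. For testing, I also 
opened up the permissions on the certificate files (mode 777, i.e. readable 
and writable by everyone, including the private key server.key):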

[root@ldap-proxy ~]# /usr/sbin/slapd -h ldap://ldap-proxy.fr -f 
/etc/openldap/slapd.conf -d 1

[root@ldap-proxy certs]# getfacl *
# file: ca-bundle.crt
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

# file: server.crt
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

# file: server.key
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

[root@ldap-proxy certs]# 


Backend logs (the TLS accept fails because the connecting peer did not 
present a client certificate):

67a1daee.1154b90b 0x7f64a65fd6c0 TLS: can't accept: error:0A0000C7:SSL 
routines::peer did not return a certificate.
67a1daee.115519eb 0x7f64a65fd6c0 connection_read(11): TLS accept failure 
error=-1 id=1003, closing
67a1daee.1157f6bd 0x7f64a65fd6c0 connection_closing: readying conn=1003 sd=11 
for close
67a1daee.115914ae 0x7f64a65fd6c0 connection_close: conn=1003 sd=11
67a1daee.115930ce 0x7f64a75ff6c0 daemon: activity on 1 descriptor
67a1daee.115a630f 0x7f64a65fd6c0 daemon: removing 11
67a1daee.115b3150 0x7f64a75ff6c0 daemon: activity on:67a1daee.115cf5a9 
0x7f64a65fd6c0 conn=1003 fd=11 closed (TLS negotiation failure)
