On Tue, Feb 04, 2025 at 09:22:53AM -0000, Fred N wrote:
> I ran slapd as root, and I have the same problem. I modified the ACLs on
> certificates (777) for testing :
>
> [root@ldap-proxy ~]# /usr/sbin/slapd -h ldap://ldap-proxy.fr -f
> /etc/openldap/slapd.conf -d 1
>
> backend logs:
>
> 67a1daee.1154b90b 0x7f64a65fd6c0 TLS: can't accept: error:0A0000C7:SSL
> routines::peer did not return a certificate.

"peer did not return a certificate" -> the server demands that a client
present a valid certificate which didn't happen. You want to fix your
client. If it's a ldap* tool (like ldapsearch), use .ldaprc, -o
tls_cert/tls_key or the corresponding environment options otherwise it
*will not* be sent and this is all you get.

-- 
Ondřej Kuzník
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP
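
A preflight check for the advice above, as an added example that is not part of the original message: it reports whether an ldap* tool started from this shell would have a client certificate and key configured. It assumes the option names from ldap.conf(5) (`TLS_CERT`/`TLS_KEY` in `~/.ldaprc`, `LDAPTLS_CERT`/`LDAPTLS_KEY` in the environment); the function names are hypothetical, and other ldaprc locations and `-o` options on the command line are not inspected.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Option names per ldap.conf(5).

# ldaprc_value OPTION FILE: print the last value given for OPTION in FILE.
ldaprc_value() {
    [ -r "$2" ] || return 1
    awk -v want="$1" '
        toupper($1) == want { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { if (v == "") exit 1; print v }' "$2"
}

# client_tls_setting TLS_CERT|TLS_KEY: print "<source> <path>".
# The environment variable (LDAPTLS_CERT / LDAPTLS_KEY) wins over ~/.ldaprc.
client_tls_setting() {
    case "$1" in
        TLS_CERT) val=${LDAPTLS_CERT:-} ;;
        TLS_KEY)  val=${LDAPTLS_KEY:-} ;;
        *) return 2 ;;
    esac
    if [ -n "$val" ]; then
        echo "env $val"
        return 0
    fi
    val=$(ldaprc_value "$1" "$HOME/.ldaprc") || return 1
    echo "ldaprc $val"
}

# check_client_cert: return 0 only if both certificate and key are configured
# and readable by the current user; otherwise explain what is missing.
check_client_cert() {
    rc=0
    for opt in TLS_CERT TLS_KEY; do
        if setting=$(client_tls_setting "$opt"); then
            src=${setting%% *}
            path=${setting#* }
            if [ -r "$path" ]; then
                echo "$opt ($src): $path"
            else
                echo "$opt ($src): $path is not readable"
                rc=1
            fi
        else
            echo "$opt is not set: no client certificate will be sent"
            rc=1
        fi
    done
    return $rc
}
```

Source the file and run `check_client_cert` as the same user, in the same shell, that will run the ldap* tool; a non-zero status means the client is not set up to present a certificate and key from these two sources.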
