I take this ITS number since it seems you filed the same issue four times. AFAICS the others (ITS#5993, ITS#5995 and ITS#5996) should be ignored by everyone responding.
duramaxlb7@gmail.com wrote:
Master log file when slapo-chain runs
TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca.
Slave log file when slapo-chain runs
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
To me both messages look like the trusted CA cert (directory) is not properly configured.
I had the same problem with LUMA and that problem went away when I put the starttls=critical in the chain-idassert-bind
Hmm, are you sure you didn't add "tls_cacertdir=/etc/openldap/cacerts" to chain-idassert-bind at the same time when testing?
Ciao, Michael.