That's not really an openldap issue, but I guess its developer knows
openssl behaviour better than myself: how could a simple
distribution-provided update of root certificates affect the way
openldap uses my own root certificate?
Before the update, the root certificate is correctly read from
/etc/pki/tls/rootcerts, as per openldap configuration (TLS_CACERTDIR
variable). After the update, the root certificate is still read, but
ignored, then looked for again in /etc/pki/tls/certs, triggering a
failure if not also present/symlinked from there.
The only file change affecting the tool between the two scenarios,
according to strace, is /etc/pki/tls/cert.pem, which doesn't contain
anything useful in my case. Might a syntax error, or a too large size,
trigger side-effects?
Full traces available at
BOFH excuse #61:
not approved by the FCC