On 10/24/2021 11:19 PM, Ulrich Windl wrote:
Some time ago the way to install root certificates had changed
You mean on the server side? There's nothing wrong with the certificate chain on the server, everything trusts that properly including the ldapsearch included with the Symas openldap 2.4 rpms. The issue is that the 2.5 rpms include their own bundled version of openssl, which is not configured to trust the system certificate repository.