My proxy sits between the client and the backend, so it is the proxy that must present a client certificate on its outbound TLS connection to the backend (the backend is configured to demand one). I tried configuring this with an LDAPRC file in the OpenLDAP configuration directory (/etc/openldap). Note that ldaprc/LDAPRC files are read by libldap clients from the home or current working directory, so it is not certain that a running slapd picks this file up for its own outbound connections:
[root@ldap-proxy openldap]# cat LDAPRC
TLS_REQCERT demand
TLS_CACERT /etc/openldap/certs/ca-bundle.crt
TLS_CERT /etc/openldap/certs/server.crt
TLS_KEY /etc/openldap/certs/server.key
SASL_MECH external
[root@ldap-proxy openldap]#
slapd is running as root, so the certificate and private-key files are readable by it (file permissions are not the cause), and I still get the same error:
client (the DN and password are placeholders; in practice prefer -W or -y so the password does not appear on the command line):
ldapsearch -H ldap://ldap-proxy.fr -b "dc=appli,dc=test,dc=com" -D "dn" -w "pwd"
ldap_bind: Server is unavailable (52)
	additional info: Proxy operation retry failed
backend:
67a2399c.16545bc1 0x7fcd097fe6c0 TLS: can't accept: error:0A0000C7:SSL routines::peer did not return a certificate.
67a2399c.1654df65 0x7fcd097fe6c0 connection_read(11): TLS accept failure error=-1 id=1001, closing
67a2399c.1655ea96 0x7fcd097fe6c0 connection_closing: readying conn=1001 sd=11 for close
67a2399c.1656cbfb 0x7fcd097fe6c0 connection_close: conn=1001 sd=11
67a2399c.1656e627 0x7fcd09fff6c0 daemon: activity on 1 descriptor
67a2399c.16580ddb 0x7fcd097fe6c0 daemon: removing 11
67a2399c.1658da8c 0x7fcd09fff6c0 daemon: activity on:67a2399c.165a2375 0x7fcd097fe6c0 conn=1001 fd=11 closed (TLS negotiation failure)
67a2399c.165afc42 0x7fcd09fff6c0 67a2399c.165ca47b 0x7fcd09fff6c0 daemon: epoll: listen=7 active_threads=0 tvp=NULL

The backend is aborting the TLS handshake because it requires a client certificate ("peer did not return a certificate") and the proxy's outbound connection is not presenting one. So the failure is on the proxy-to-backend link, not on the client-to-proxy link; the client only sees the resulting "Proxy operation retry failed".