Am 14.12.23 um 18:00 schrieb Jean-Luc Chandezon:
Thank you Stefan for suggestion Thank you Howard. It was exactly what I understood. When I start the daemon with command line:
slapd -h 'ldap://127.0.0.1:389 ldaps://192.168.190.58:636' -g openldap -u openldap -F /etc/ldap/slapd.d/ -d -1
I can see: 657ad073.144a7a3e 0x7f71df270200 TLS: opening `/etc/ssl/private/annuaire.lexp.fr.key' failed: Permission denied 657ad073.144b02fb 0x7f71df270200 TLS: could not use private key file `/etc/ssl/private/annuaire.lexp.fr.key`.
It is more detailed than rsyslog. As Quanah suggest, this is due to permission issue.
I can see these rights: -rw------- 1 openldap openldap 1704 Nov 29 17:37 /etc/ssl/private/annuaire.atol.fr.key
On debian, /etc/ssl/private is only readable by root and members of ssl-cert.
You ćan either add your openldap user to this group or move your certificate to /etc/ldap.
Best regards
Ulf