Am 09.02.2017 um 20:54 schrieb Quanah Gibson-Mount:
Please see the slapd.conf(5) or slapd.conf(5) man pages, which clearly state:
TLSCACertificateFile <filename> Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.
Note "That *slapd* will recognize". The server cannot and will not provide the cert chains to clients as that is a massive security risk. Clients can and must be configured with the list of CAs *they* will trust when the server provides the cert.
that's not the issue. A TLS server sent it's certificate and all intermediates EXCLUDING the self signed root to the client. This is not true for my setup and I don't know why: misconfiguration or wrong ssl implementation.
Andreas