Hi!
When trying to start slapd, I got "main: TLS init def ctx failed: -1" before slapd quit. So I got the clue that something with TLS, probably certificates, is wrong. I spent half a day examining the certificates used, found something, fixed that, but it did not help. Eventually I found some article (https://apple.stackexchange.com/questions/107130/slapd-daemon-cant-start-tls...) explaining that starting slapd with option "-d1" would provide some more reasonable error details.
So I tried that, and I found "TLS: could not load client CA list (file:`',dir:`/etc/ssl/certs')." That's much more helpful than the original message, so I examined the directory. Interestingly, the issue was that there were four stale links to certificate files that no longer existed (those were not used any more, however, because they expired several years ago). Deleting those links by calling c_rehash fixed the problem.
So at the very least I'm suggesting to provide the more useful error message also in non-debug mode. I'm not saying that the better error message couldn't be improved also.
Kind regards, Ulrich Windl
openldap-technical@openldap.org
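
A check for the condition described in the message above (symlinks in the CA directory whose targets no longer exist), as an added example that is not part of the original post or of OpenLDAP. The function names and the sample directory contents are hypothetical and constructed for illustration; pass the real directory (the post's was /etc/ssl/certs) as the first argument.

```shell
#!/bin/sh
# Added example: report stale (dangling) symlinks in a CA certificate
# directory. Such links can make loading the CA list fail even when the
# certificates actually in use are fine.

# Print "link -> missing target" for every dangling symlink in $1.
find_dangling_links() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for entry in "$dir"/*; do
        # -L: entry is a symlink; ! -e: its target does not resolve
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            printf '%s -> %s\n' "$entry" "$(readlink "$entry")"
        fi
    done
}

# Number of dangling symlinks in $1 (0 means the directory is clean).
count_dangling_links() {
    find_dangling_links "$1" | wc -l | tr -d ' '
}

# Constructed sample directory: one valid hash link and one stale link,
# named in the <hash>.0 style that c_rehash produces. Prints its path.
make_sample_dir() {
    d=$(mktemp -d)
    : > "$d/current-ca.pem"
    ln -s current-ca.pem "$d/aaaa0000.0"
    ln -s expired-ca.pem "$d/bbbb1111.0"   # target was never created
    echo "$d"
}

# Scan the directory given on the command line, if any.
if [ $# -gt 0 ]; then
    find_dangling_links "$1"
fi
```

Running this before a slapd restart, or from a periodic job after certificate cleanup, surfaces the stale links without needing debug mode.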