I think the problem is probably unsolvable but I thought I'd ask.
I understand slapd starts as user root, reads config etc., and then changes to user openldap.
This means that it could potentially read a private key owned by root during startup?
The problem is that when I try to configure private keys for LDAP TLS, the permissions are checked, and if it's not owned by openldap and permissions 400 or 600, the configuration fails.
Is there a known solution to this problem?

My config:

apt show slapd ldap-utils
Package: slapd
Version: 2.4.57+dfsg-3+deb11u1
Package: ldap-utils
Version: 2.4.57+dfsg-3+deb11u1

Jeremy