Nick Howitt wrote:

Odd, this one as only some people are getting it. Can you post your /etc/openldap/slapd.conf? If you have a setup which came from 6.x it appears to be pulling certificates from /etc/openldap/cacerts. If you have a vanilla set up, it puls them from /etc/openldap/certs. Either way it does not explain the problem of why it works with the old version of openssl and not the new.

dear Nick, firstly, thank you for watching this ...

as I wrote yesterday I had this in a fresh installed 7.4 box. It happened on Friday morning: the customer called me saying samba shares were not reachable anymore, and he was asking for authentication, but no users could reach his files and folders; after trying out to solve, I decided the server will be sooner functional reinstalling it (i rsync data and home dirs very often on another HDD). So I got the box, pulled out HDDs and installed a freshly downloaded 7.4 DVD image.
Then I re-entered the few users and groups and retored back data. Restored sync and backup scripts and we were happy to be functional again.
The day after I was called by the customer: he was back without access. Once i saw the problem was once again in slapd daemon, I read logs and I realized openldap components were updated in the night.

Anyway her you are certs directory ownership:


and this one is slapd.conf