ldapmodify cannot apply TLS certificate

I may have overlooked a typo, but I can't find it.

~$ /usr/bin/ldapmodify -H ldapi:// -Y EXTERNAL -f /tmp/certs.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)

~$ cat /tmp/certs.ldif
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/ldap.crt

grep -R olcTLS /etc/openldap/slapd.d
/etc/openldap/slapd.d/cn=config.ldif:olcTLSCACertificatePath: /etc/openldap/certs
/etc/openldap/slapd.d/cn=config.ldif:olcTLSCertificateFile: "OpenLDAP Server"
/etc/openldap/slapd.d/cn=config.ldif:olcTLSCertificateKeyFile: /etc/openldap/certs/password

ls -la /etc/openldap/certs/ldap.crt
-rw-r--r--. 1 root root 2282 Aug 20 17:42 /etc/openldap/certs/ldap.crt

Answer 1

After changing the folder ownership, ldapmodify succeeded. I'm not entirely sure why, since I'm certain that "other" could read and execute the folders, and that the certificate and key were readable by "other" as well.

~$ sudo chown ldap:ldap ./certs/ ./private/ ./cacerts/

~$ sudo chown -R ldap:ldap ./private/ ./cacerts/

~$ ls -la
total 24
drwxr-xr-x.  7 root root  122 Aug 20 17:42 .
drwxr-xr-x. 78 root root 8192 Aug 20 18:07 ..
drwxr-xr-x.  2 ldap ldap   20 Aug 20 17:42 cacerts
drwxr-xr-x.  2 ldap ldap  106 Aug 20 17:42 certs
-rw-r--r--.  1 root root  121 Jan 29  2019 check_password.conf
-rw-r--r--.  1 root root  363 Jan 29  2019 ldap.conf
drwxr-xr-x.  2 ldap ldap   22 Aug 20 17:42 private
drwxr-xr-x.  2 root root 4096 Aug 20 17:42 schema
drwxr-x---.  3 ldap ldap   45 Aug 20 17:42 slapd.d

~$ /usr/bin/ldapmodify -Y EXTERNAL -H ldapi:// -f /tmp/certs.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"

~$ grep -R olcTLS /etc/openldap/slapd.d
/etc/openldap/slapd.d/cn=config.ldif:olcTLSCACertificatePath: /etc/openldap/certs
/etc/openldap/slapd.d/cn=config.ldif:olcTLSCertificateKeyFile: /etc/openldap/private/ldap.key
/etc/openldap/slapd.d/cn=config.ldif:olcTLSCertificateFile: /etc/openldap/certs/ldap.crt
/etc/openldap/slapd.d/cn=config.ldif:olcTLSCACertificateFile: /etc/openldap/cacerts/ca.crt
