diff --git a/slapd/Dockerfile b/slapd/Dockerfile
index 21499412188d2231979d3a51d83dc9cc9847478f..ae52f9fef3eba1eedf643fe1e23a7f18a8e407a5 100644
--- a/slapd/Dockerfile
+++ b/slapd/Dockerfile
@@ -20,7 +20,7 @@ RUN apt-get update && \
     install -o root -g ssl-cert -m 664 /dev/null /etc/ssl/certs/ssl-cert-snakeoil.pem && \
     install -o root -g ssl-cert -m 664 /dev/null /etc/ssl/private/ssl-cert-snakeoil.key && \
     install -o root -g ssl-cert -m 664 /dev/null /usr/share/slapd/dh.pem && \
-    chown openldap /etc/ldap/ldap.conf && \
+    install -o openldap -g root -m 644 /dev/null /etc/ldap/ldap.conf && \
     install -d -o openldap -g openldap /run/slapd && \
     install -d -o openldap -g openldap /var/backups/ldap && \
     install -d -o openldap -g openldap /var/lib/ldap && \
diff --git a/slapd/entrypoint b/slapd/entrypoint
index 9a0d41f9800467a7a216799aec25fe1741a9afef..401557cb8b3890d47e0fd36db85102dd96368e35 100755
--- a/slapd/entrypoint
+++ b/slapd/entrypoint
@@ -62,6 +62,7 @@ cat >> /etc/ldap/ldap.conf <<EOF
 URI         ldapi:///
 SASL_MECH   EXTERNAL
 BASE        $BASE_DN
+TLS_CACERT  /etc/ssl/certs/ca-certificates.crt
 EOF
 
 # Unset the root password hash.