Comment 3 for bug 217159

Adam Sommer (asommer) wrote :

Thank you for reporting this bug and helping to make Ubuntu better. I am able to use TLS with slapd without any problems, but one thing I had to adjust was to give the openldap user access to the directory containing the certificate and key.

I placed my cert in /etc/ssl/certs, and the key in /etc/ssl/private. Since the /etc/ssl/private directory's group ownership is ssl-cert, I executed:

  sudo adduser openldap ssl-cert

Then restarted slapd, and everything worked fine using the configuration example you posted above (but with different directories). I'm using a self-signed cert and CA cert. Can you double check that the openldap user has access to your cert directory? Also another thing to try is adding the following to /etc/ldap/ldap.conf:

  TLS_REQCERT never

Then restart slapd and see if you can connect.

Thanks again.