Description of problem: In /etc/init.d/ldap the SSL test is bogus: if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then harg="$harg ldaps:///" fi TLS is *not* SSL and instead runs over ldap:/// or ldapi:///. As such, TLS presence should not implicitly activate ldaps! Fix: if [ "$SLAPD_LDAPS" == yes ]; then harg="$harg ldaps:///"; fi; Version-Release number of selected component (if applicable): openldap-servers-2.3.38-1.fc8.i386.rpm Dates back to at least FC6 where I found the bug too.
fixed as you suggested - see SLAPD_LDAPS in /etc/sysconfig/ldap