Description of problem:
In /etc/init.d/ldap the SSL test is bogus:
if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then
TLS is *not* SSL and instead runs over ldap:/// or ldapi:///. As such, TLS
presence should not implicitly activate ldaps!
if [ "$SLAPD_LDAPS" == yes ]; then
Version-Release number of selected component (if applicable):
Dates back to at least FC6 where I found the bug too.
fixed as you suggested - see SLAPD_LDAPS in /etc/sysconfig/ldap