At times you will need to use self-signed SSL certificates for services that are generally not public facing, primarily because it's convenient and saves a few thousand dollars every year, depending on the scale of your deployment.
By default, many LDAP services in Linux will reject self-signed certificates. To tell your machine otherwise, you need to add the following line to /etc/ldap/ldap.conf in Debian or Ubuntu and /etc/ldap.conf in Centos:
TLS_REQCERT allow
You should now have hassle free OpenLDAP via SSL connectivity.