Thank you MrHoffman. Based upon your suggestions I was finally able to fix the problem.
For all of you who may encounter a similar problem, here is what I did:
MrHoffman wrote:
The trigger can be a bad or expired certificate; see the logs for slapd.
Right after the update, when I first realized that there is a problem with LDAP, I looked at the LDAP tab in Server Admin. It showed that SSL is turned on, but no certificate was selected.
I tried to use the default certificate, and a valid mydomain.com certificate. I also created a new self-signed certificate for server.mydomain.com. Also switching off SSL altogether didn't help.
Can also be a DNS-level configuration error; a bogus or mismatched FQDN.
My DNS primary zone is set to mydomain.com. and the nameserver hostname is server.mydomain.com.
Try starting slapd from the shell, via +slapd -d -1+ and see if anything interesting shows.
Enter: +sudo /usr/libexec/slapd -d -1+
The interesting part comes at the bottom, right before the TLS error message:
+TLS: attempting to read `/etc/certificates/www.mydomain.com.key'.+
+/usr/sbin/certadmin --get-private-key-passphrase /etc/certificates/www.mydomain.com.key: Not a private key file managed by Mac OS X Server+
+TLS: could not use key file `/etc/certificates/www.mydomain.com.key'.+
+TLS: error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long /SourceCache/OpenSSL098/OpenSSL098-35/src/crypto/asn1/asn1_lib.c:150+
+main: TLS init def ctx failed: -1+
www.mydomain.com.key belongs to an old outdated certificate, which has long been deleted, and does not show up in Server Admin anymore.
Also +slapconfig -getldapconfig+ doesn't refer to this old SSL certificate. Instead it shows whatever certificate had been entered at the LDAP tab in Server Admin.
So I dug a bit deeper and found it here:
/etc/openldap/slapd.d/cn=config.ldif
+olcTLSCertificateFile: /etc/certificates/www.mydomain.com.crt+
+olcTLSCertificateKeyFile: /etc/certificates/www.mydomain.com.key+
+olcTLSCACertificateFile: /etc/certificates/www.mydomain.com.chcrt+
+olcTLSCertificatePassphraseTool: /usr/sbin/certadmin --get-private-key-passphr+
+ase /etc/certificates/www.mydomain.com.key+
After removing these 5 lines and restarting the service (and also the server to be 100% safe) the LDAP problem was fixed.
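
Added example, not part of the original post: a Python check that reads a `cn=config.ldif`, rejoins folded LDIF lines (like the wrapped `olcTLSCertificatePassphraseTool` value above), and lists `olcTLS*` file references that no longer exist on disk. The sample text is constructed from the lines quoted in the post; the function names are hypothetical, and treating the last argument of the passphrase tool as a key path is an assumption taken from the post's value.

```python
import os
import re
import sys

# Constructed sample mirroring the attributes quoted in the post. In a real
# LDIF file a folded line continues on the next line after one leading space.
SAMPLE = """\
dn: cn=config
olcTLSCertificateFile: /etc/certificates/www.mydomain.com.crt
olcTLSCertificateKeyFile: /etc/certificates/www.mydomain.com.key
olcTLSCACertificateFile: /etc/certificates/www.mydomain.com.chcrt
olcTLSCertificatePassphraseTool: /usr/sbin/certadmin --get-private-key-passphr
 ase /etc/certificates/www.mydomain.com.key
"""

# Attributes whose whole value is a file path.
FILE_ATTRS = {"olcTLSCertificateFile", "olcTLSCertificateKeyFile",
              "olcTLSCACertificateFile"}

def unfold_ldif(text):
    """Join continuation lines (leading space) onto the line they continue."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def tls_settings(text):
    """Return [(attribute, value)] for each plain-text olcTLS* attribute."""
    pattern = re.compile(r"(olcTLS\w+):(?!:)\s*(.*)$")  # skips base64 'attr::'
    return [m.groups() for m in map(pattern.match, unfold_ldif(text)) if m]

def stale_references(text, exists=os.path.isfile):
    """Return [(attribute, path)] for TLS file references not found on disk."""
    stale = []
    for attr, value in tls_settings(text):
        if attr in FILE_ATTRS:
            path = value
        elif attr == "olcTLSCertificatePassphraseTool" and value:
            path = value.split()[-1]  # assumption: key file is the last argument
        else:
            continue
        if not exists(path):
            stale.append((attr, path))
    return stale

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for attr, path in stale_references(text):
        print(f"{attr}: {path} not found")
```

Run it with the path to `/etc/openldap/slapd.d/cn=config.ldif` as the argument (root is needed to read that file); with no argument it checks the constructed sample.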