If you are using transport layer security (TLS), you must install the necessary PEM certificate files before using the ldapclient command. In particular, install the self-signed server certificate and CA certificate files that are used to validate the LDAP server and possibly client access to the server are required. For example, if you have the PEM CA certificate certdb.pem, you must ensure that this file is added and readable in the certificate path.
For information about how to create and manage PEM format certificates, see Directory Server Security. After configuration, PEM certificate files must be stored in the location expected by the LDAP naming service client. The certificatePath attribute determines this location by default, which is in /var/ldap.