If you ever get into a situation, where you see

main: TLS init def ctx failed: -69

in your syslog, just remove the f**k**g passphrase from the key.

Maybe the error message is too obvious, because I found nothing helpful in the web. BTW: Confucius says: Building LDAP server on ONE day, will prevent you from getting headache, mkay!