Finally, for clients to trust all your servers, distribute
<filename>root.crt
</filename> (the
<emphasis>certificate
</emphasis>, not the key!) to each client, and specify it in the
<literal>TLSCACertificateFile
</literal> directive in
<filename>ldap.conf
</filename>.