Trying to get sudoers working on openldap/centos7
Is the 21 the line number of the .ldif file, or some other error code?
That's the return code for Invalid Syntax.
LDAP_INVALID_SYNTAX - 21 (0x15)
An attribute value specified on an LDAP client request does not have a valid syntax specified.
For example, if an attribute type in the schema has an integer syntax, an integer value must be specified on an add or modify request.
Can you do the following to troubleshoot this further?
- Check whether the sudoers schema file is present on the host. If it's not present, copy it from here.
# ls -l /etc/openldap/schema/sudo.schema
- Check whether the sudo.schema (or equivalent file) is added to the relevant openldap server configuration file.
# grep sudo.schema /etc/openldap/slapd.conf
include /etc/openldap/schema/sudo.schema
- Check if the sudoers OU exists! If it's not there, add it using ldapadd (1).
# ldapsearch -H ldap://localhost -x -LLL -s one -b "OU=SUDOers,dc=bbb,dc=local"
- Check if there are syntax errors in the ldif file using
# /usr/bin/cvtsudoers /tmp/sample.ldif -i ldif -f sudoers
You should probably go through the official sudo documentation link, which contains explanations for some of the above things.
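The checks listed in the answer above, collected into one script, as an added example that is not from the original answer or the sudo/OpenLDAP projects. It also adds a local pre-flight check the answer does not mention: the sudo schema defines sudoOrder with INTEGER syntax, so a non-integer value is one common way to get "Invalid syntax (21)" from slapd. The default paths are assumptions based on the CentOS 7 openldap-servers package layout and the slapd.conf style of configuration used in the answer; the base DN is the one from the question. The sample slapd.conf and LDIF it writes are constructed for the demo, with one entry deliberately carrying a bad sudoOrder.

```shell
#!/bin/sh
# Added example: runs the troubleshooting checks from the answer above.
# Assumed defaults (CentOS 7 layout); override via environment variables.
SCHEMA_FILE="${SCHEMA_FILE:-/etc/openldap/schema/sudo.schema}"
SLAPD_CONF="${SLAPD_CONF:-/etc/openldap/slapd.conf}"
SUDOERS_BASE="${SUDOERS_BASE:-ou=SUDOers,dc=bbb,dc=local}"   # base DN from the question
LDAP_URI="${LDAP_URI:-ldap://localhost}"
LDIF_FILE="${LDIF_FILE:-/tmp/sample.ldif}"

# 1. Is the schema file present on the host?
check_schema_present() {
    [ -f "$1" ]
}

# 2. Is it pulled in by slapd.conf (an "include" line that is not commented out)?
check_schema_included() {
    grep -Eq '^[[:space:]]*include[[:space:]]+.*sudo\.schema' "$1"
}

# 3. Does the sudoers OU exist? Needs a reachable server; "-s base" asks for the
#    entry itself. Returns 2 (skip) when ldapsearch is not installed.
check_ou_exists() {
    command -v ldapsearch >/dev/null 2>&1 || { echo "ldapsearch not installed, skipping" >&2; return 2; }
    ldapsearch -H "$2" -x -LLL -s base -b "$1" dn >/dev/null 2>&1
}

# 4a. Local pre-flight: every sudoOrder value must be an integer, because the
#     sudo schema gives sudoOrder INTEGER syntax and slapd answers anything else
#     with return code 21. Attribute names are case-insensitive in LDAP, hence -i.
check_ldif_sudoorder() {
    bad=$(grep -Ei '^sudoOrder:' "$1" | grep -Eiv '^sudoOrder:[[:space:]]*-?[0-9]+[[:space:]]*$' || true)
    if [ -n "$bad" ]; then
        printf 'non-integer sudoOrder value(s):\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# 4b. Full syntax check with cvtsudoers from the sudo package, as the answer suggests.
check_ldif_with_cvtsudoers() {
    command -v cvtsudoers >/dev/null 2>&1 || { echo "cvtsudoers not installed, skipping" >&2; return 2; }
    cvtsudoers -i ldif -f sudoers "$1" >/dev/null
}

# Constructed sample LDIF: "admins" is well-formed, "broken" has a non-integer sudoOrder.
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: cn=admins,ou=SUDOers,dc=bbb,dc=local
objectClass: top
objectClass: sudoRole
cn: admins
sudoUser: %wheel
sudoHost: ALL
sudoCommand: ALL
sudoOrder: 10

dn: cn=broken,ou=SUDOers,dc=bbb,dc=local
objectClass: top
objectClass: sudoRole
cn: broken
sudoUser: alice
sudoHost: ALL
sudoCommand: /usr/bin/systemctl
sudoOrder: first
EOF
}

# Run every check and report; exit status 0 only if no hard check failed (skips are not failures).
run_all() {
    rc=0
    check_schema_present "$SCHEMA_FILE" && echo "ok: schema file $SCHEMA_FILE present" || { echo "FAIL: $SCHEMA_FILE missing"; rc=1; }
    check_schema_included "$SLAPD_CONF" && echo "ok: sudo.schema included in $SLAPD_CONF" || { echo "FAIL: no include line in $SLAPD_CONF"; rc=1; }
    check_ou_exists "$SUDOERS_BASE" "$LDAP_URI"; r=$?
    [ "$r" -eq 0 ] && echo "ok: $SUDOERS_BASE exists"
    [ "$r" -eq 1 ] && { echo "FAIL: $SUDOERS_BASE not found (add it with ldapadd)"; rc=1; }
    check_ldif_sudoorder "$LDIF_FILE" && echo "ok: sudoOrder values are integers" || { echo "FAIL: bad sudoOrder in $LDIF_FILE"; rc=1; }
    check_ldif_with_cvtsudoers "$LDIF_FILE"; r=$?
    [ "$r" -eq 0 ] && echo "ok: cvtsudoers accepted $LDIF_FILE"
    [ "$r" -eq 1 ] && { echo "FAIL: cvtsudoers rejected $LDIF_FILE"; rc=1; }
    return $rc
}

# Demo on constructed files in a temp dir (no live server needed); "check" uses the real paths.
demo() {
    T=$(mktemp -d)
    : > "$T/sudo.schema"
    printf 'include /etc/openldap/schema/core.schema\ninclude %s/sudo.schema\n' "$T" > "$T/slapd.conf"
    write_sample_ldif "$T/sample.ldif"
    SCHEMA_FILE="$T/sudo.schema" SLAPD_CONF="$T/slapd.conf" LDIF_FILE="$T/sample.ldif"
    run_all; rc=$?
    rm -rf "$T"
    return $rc
}

case "${1:-demo}" in
    demo)  demo ;;
    check) run_all ;;
esac
```

Run it with no arguments to see the demo (the constructed LDIF makes the sudoOrder check fail on purpose), or with `check` on the server to test the real paths. If the server uses the cn=config layout instead of slapd.conf, the schema is loaded as an LDIF under /etc/openldap/slapd.d/cn=config/cn=schema/, so point SLAPD_CONF elsewhere and look for a cn={N}sudo.ldif file there instead of an include line.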