OpenLdap TLS authentication setup

These are SINGLE-VALUE. Use replace instead of add.

Also note, changes in the attributes may require a restart of slapd. (Not everything is a run-time configurable as we'd like.)

Your schema is probably:

attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.70 NAME 'olcTLSCertificateFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.3.0.71 NAME 'olcTLSCertificateKeyFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

A little explaination: ldapmodify add causes slapd to make sure you aren't putting in the attribute valie pair twice by doing an equality match. From what I can tell it should be using 2.5.13.6 NAME 'caseExactOrderingMatch', but I've not sure I've ever tried an add for these attributes. This behavior might be completely normal.