Error: Can't contact LDAP server in User Directory LDAP SSL


Article ID: 190016

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

The Policy Server cannot connect over SSL to the LDAP User Directory and reports the following error:

[79525/139743374337792][Sun Apr 19 2020 10:10:48][SmDsLdapConnMgr.cpp:917][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server ldap.example.com : 636. Error 81-Can't contact LDAP server

 

Environment

Policy Server 12.8SP3 on Red Hat 7

 

Cause


The LDAP User Store server certificate is tagged as a CA (root) certificate: its SSL trust flag is C rather than P:

# certutil -L -d /{home_policy_server}/siteminder/certs

  Certificate Nickname                                         Trust Attributes
                                                               SSL,S/MIME,JAR/XPI

  myldapserver                                                 C,C,C
  RootCA                                                       P,,
  
As per the documentation (1), the server certificate must carry the P (trusted peer) flag, not C (trusted CA).

 

Resolution

Set the trust flags of myldapserver to P,, instead of C,C,C. The current listing shows:

  Certificate Nickname                                         Trust Attributes
                                                               SSL,S/MIME,JAR/XPI

  myldapserver                                                 C,C,C
  RootCA                                                       P,,
  
  # certutil -D -n myldapserver -d /{home_policy_server}/certs
  # certutil -A -n myldapserver -t P,, -i myldapserver.crt -d /{home_policy_server}/certs
  # certutil -L -d /{home_policy_server}/certs

After re-importing the certificate, the listing should look like this:

  Certificate Nickname                                         Trust Attributes
                                                               SSL,S/MIME,JAR/XPI

  myldapserver                                                 P,,
Also set RootCA to C,, instead of P,,.
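As an added illustration, not part of the KB article, the following POSIX shell check parses a `certutil -L` listing and reports whether the LDAP server certificate and the root CA carry the trust flags described above (P for the server certificate, C for the CA). The nicknames and the embedded sample listing are assumptions constructed for the example; in real use the listing comes from `certutil -L -d /{home_policy_server}/certs`.

```shell
#!/bin/sh
# Added example (not from the KB article): audit NSS trust flags for the
# Policy Server LDAP SSL connection. Expected: LDAP server cert = P (trusted
# peer), issuing root CA = C (trusted CA). Nicknames below are assumptions.
LDAP_NICK="myldapserver"
CA_NICK="RootCA"

# Constructed sample in the format printed by `certutil -L -d <dir>`.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

myldapserver                                                 C,C,C
RootCA                                                       P,,
'

# trust_of NICK LISTING -> prints the trust attribute string for NICK,
# or "missing" when the nickname is not in the listing.
trust_of() {
  printf '%s\n' "$2" | awk -v nick="$1" '
    # A data row ends in a trust string such as C,C,C or P,, (header rows do not).
    NF >= 2 && $NF ~ /^[CPTcpu]*,[CPTcpu]*,[CPTcpu]*$/ {
      name = $1
      for (i = 2; i < NF; i++) name = name " " $i   # nicknames may contain spaces
      if (name == nick) { print $NF; found = 1; exit }
    }
    END { if (!found) print "missing" }'
}

# check_listing LISTING -> prints one line per problem, or "ok" when none.
check_listing() {
  listing="$1"; problems=""
  ldap=$(trust_of "$LDAP_NICK" "$listing")
  ca=$(trust_of "$CA_NICK" "$listing")
  # The SSL trust flags are the first comma-separated field.
  ldap_ssl=${ldap%%,*}; ca_ssl=${ca%%,*}
  case "$ldap_ssl" in
    *P*) ;;
    *) problems="$problems$LDAP_NICK has SSL trust '$ldap', expected P (trusted peer)\n" ;;
  esac
  case "$ca_ssl" in
    *C*) ;;
    *) problems="$problems$CA_NICK has SSL trust '$ca', expected C (trusted CA)\n" ;;
  esac
  if [ -z "$problems" ]; then echo ok; else printf '%b' "$problems"; fi
}

check_listing "$SAMPLE_LISTING"
```

Run against the sample it reports both mismatches from the KB; after the `certutil -D` / `certutil -A -t P,,` steps above (and RootCA set to C,,) it prints `ok`.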

 

Additional Information

 

  1. Configure an SSL Connection to an LDAP Data Store
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/configure-policy-server-data-storage-options/configure-an-ssl-connection-to-an-ldap-data-store.html