The reason for failure is that TLS_CERT and TLS_KEY are user-only options according to man page for LDAP.CONF(5).
Specifies the file that contains the client certificate. This is a user-only option.
Specifies the file that contains the private key that matches the certificate stored in the TLS_CERT file. Currently, the private key must not be pro‐
tected with a password, so it is of critical importance that the key file is protected carefully. This is a user-only option.
All user-only options must be in .ldaprc or ldaprc file not ldap.conf. Location for .ldaprc/ldaprc is under user's home directory and not under splunk install directory.