After applying the patch "ucr register ssl-ldap-server" needs to be executed to register the UCR variables.

--- /etc/univention/templates/files/etc/ldap/slapd.conf.d/30univention-ldap-server_head.orig	2013-02-25 15:46:10.000000000 +0100
+++ /etc/univention/templates/files/etc/ldap/slapd.conf.d/30univention-ldap-server_head	2013-02-25 15:46:13.000000000 +0100
@@ -4,9 +4,9 @@
 loglevel		@%@ldap/debug/level@%@
 allow			bind_v2 update_anon
 
-TLSCertificateFile	/etc/univention/ssl/@%@hostname@%@.@%@domainname@%@/cert.pem
-TLSCertificateKeyFile	/etc/univention/ssl/@%@hostname@%@.@%@domainname@%@/private.key
-TLSCACertificateFile	/etc/univention/ssl/ucsCA/CAcert.pem
+TLSCertificateFile	@%@ldap/ssl/certificate@%@
+TLSCertificateKeyFile	@%@ldap/ssl/key@%@
+TLSCACertificateFile	@%@ldap/ssl/cacertificate@%@
 
 sizelimit		@%@ldap/sizelimit@%@
 
--- /etc/univention/templates/files/etc/ldap/ldap.conf.orig	2013-02-25 15:49:16.000000000 +0100
+++ /etc/univention/templates/files/etc/ldap/ldap.conf	2013-02-25 15:49:12.000000000 +0100
@@ -6,7 +6,7 @@
 # See ldap.conf(5) for details
 # This file should be world readable but not world writable.
 
-TLS_CACERT /etc/univention/ssl/ucsCA/CAcert.pem
+TLS_CACERT @%@ldap/ssl/cacertificates@%@
 
 @!@
 port=baseConfig.get('ldap/server/port','7389')
--- /etc/univention/templates/info/ssl-ldap-server.info.orig	1970-01-01 01:00:00.000000000 +0100
+++ /etc/univention/templates/info/ssl-ldap-server.info	2013-02-25 15:58:02.000000000 +0100
@@ -0,0 +1,9 @@
+Type: multifile
+Multifile: etc/ldap/slapd.conf
+Variables: ldap/ssl/cacertificate
+Variables: ldap/ssl/certificate
+Variables: ldap/ssl/key
+
+Type: file
+File: etc/ldap/ldap.conf
+Variables: ldap/ssl/cacertificates