openldap can take a directory full of CA certificates via LDAP_OPT_X_TLS_CACERTDIR, exposed in APR trunk/1.3.x as APR_LDAP_CA_TYPE_CACERTDIR_BASE64: This is useful for LDAPTrustedGlobalCert on this platform because it seems to be the most direct way to configure more then 1 trusted authority, as multiple CACERT_BASE64 are not allowed.