I was seeing this:

"/var/run/slapd-*socket"}, 110) = -1 ENOENT"

Unable to get connection, skipping disabling agreements: Unable to bind to LDAP server: [Errno 2] No such file or directory

"Server error - while fetching master key K/M for realm

After debugging, stracing, traffic dumping and generating a selinux module, the module indicated:

#============= dirsrv_t ==============
allow dirsrv_t unlabeled_t:file append;

#============= krb5kdc_t ==============
allow krb5kdc_t unconfined_t:unix_stream_socket connectto;
allow krb5kdc_t var_run_t:file { write getattr open };

This told me there was a labeling issue. sudo touch /.autorelabel and reboot. It worked again after that (and selinux is still nicely enabled).