Okay, I think I found it:
The latter is the default configuration. (The S4-Connector operates locally and not over the network, so SSL/TLS can be considered overhead).
To resolve your problem it should be sufficient to execute:
ucr unset connector/s4/ldap/binddn
ucr set connector/s4/ldap/ssl=no
service univention-s4-connector restart
The S4-Connector demands a certificate via "connector/s4/ldap/certificate" if "connector/s4/ldap/ssl" is anything else than "no". In your case "connector/s4/ldap/ssl" is set to an empty string. Since this is not the same as "no", the error is shown.
Additionally, "connector/s4/ldap/binddn" should be unset (that is what "" indicates), unless you really want to use a different DN than the default one. Especially it should not be set to an empty string as in your case, because again: an empty string is not the same as no value at all (unset / ).
I hope this was helpful