Make install create the private dir and a tls dir within it. If provision is used without targetdir option the provision is OK because the tls dir already exists. But it provision script is used with --targetdir (to specify an alternate place to store the provision) then the tls dir is not created and at the startup samba process complains about not being able to create self signed certificate for ldap. Creation of this dir and restart of samba remove this error (and certs are indeed created).
Yeah that's indeed a bug. The best solution would be to check the "target dir" parameter of the provision script to make sure that it matches the installation directory(ies).
Fixed by your patch in 3ed0cae14bdf88387abc016d678127d477d760b7