TLS gives you *authentication*. It proves that the bearer owns the DN specified in the certificate. There is no list of "approved clients" associated with that authentication check.
The consumer (here, the LDAP server) must then do an *authorization* check, determining whether that DN is allowed to access a particular resource or perform a particular action. This authorization check might involve ACLs, or lists of approved clients, or similar structures.
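The two steps side by side, as an added example that is not part of the original answer: the TLS handshake has already validated the client certificate, and the consumer then looks the subject DN up in its own access list. The DNs, the ACL contents and the helper names are hypothetical; the input dicts are constructed to mimic what Python's `ssl.SSLSocket.getpeercert()` returns.

```python
# Added illustration. All DNs, ACL entries and helper names are hypothetical.
# Input mimics ssl.SSLSocket.getpeercert() after a verified handshake.

def subject_key(peercert):
    """Canonical subject DN, or None if no validated client certificate exists."""
    # getpeercert() yields None (no cert sent) or {} (cert not validated).
    if not peercert or not peercert.get("subject"):
        return None
    # subject: tuple of RDNs, each RDN a tuple of (attribute, value) pairs.
    return tuple(
        frozenset((attr.lower(), value.strip().lower()) for attr, value in rdn)
        for rdn in peercert["subject"]
    )

def cert(cn):
    """Constructed sample certificate dict for a client of Example Corp."""
    return {"subject": ((("countryName", "US"),),
                        (("organizationName", "Example Corp"),),
                        (("commonName", cn),))}

# Authorization data lives with the consumer, not in TLS: subject -> action -> subtrees.
ACL = {
    subject_key(cert("hr-sync")): {"read": ["ou=people,dc=example,dc=com"],
                                   "write": ["ou=people,dc=example,dc=com"]},
    subject_key(cert("monitoring")): {"read": ["dc=example,dc=com"]},
}

def in_subtree(target_dn, base_dn):
    """Simplified string comparison; a real server compares parsed DNs."""
    target, base = target_dn.lower(), base_dn.lower()
    return target == base or target.endswith("," + base)

def authorize(peercert, action, target_dn, acl=ACL):
    """Default deny: a valid certificate alone grants nothing."""
    subject = subject_key(peercert)
    if subject is None:
        return False  # not authenticated, so there is no identity to authorize
    bases = acl.get(subject, {}).get(action, [])
    return any(in_subtree(target_dn, base) for base in bases)

if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=example,dc=com"
    for cn in ("hr-sync", "monitoring", "intern-laptop"):
        for action in ("read", "write"):
            print(cn, action, authorize(cert(cn), action, alice))
```

The `intern-laptop` certificate passes authentication like the others but is denied every action, because no ACL entry names its DN.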