As far as I know, you can't. But this is not a cant that needs fixing, this is a feature, since the key name is needed to identify this key by the authorization and user identification center. Since you delegate the second to the LDAP server, it makes no sense to have a key for each user. Generally it doesn't. It is more convenient to issue one key and distribute it to all users, and manage access with the help of groups from the LDAP side.

Never solved such a problem, but I would move in the direction of the authentication script.
You need to find or write a simple shell script that will compare the LDAP name and CommonName.
And in case of a mismatch, return an error. When you do this, you can log and send an alert to the VPN administrator.
Perhaps openvpn-auth-ldap will need to be disabled and validate the user login and check for name matches with commonname in his certificate on the script side.
--auth-user-pass-verify /etc/openvpn/scripts/scriptname.sh file
--tmp-dir /dev/shm
I would carefully consider what the --username-as-common-name option does. Will it help solve everything at once?
I think that in this way your problem can be solved.
Or you can make a patch for openvpn-auth-ldap and add an option to the config.