Libnss-ldap.conf
From ISPMan
Recipe: How to do an encrypted nss-lap query over the net via LDAP V3 and start_tls (NOT ldaps, that a differnt thing on a different port .. and it's legacy):
host %%LDAPSERVER1%% %%LDAPSERVER2%% base ou=foo,o=ispman ssl start_tls tls_checkpeer yes tls_cacertfile /etc/ssl/VFRSTLSR.pem pam_lookup_policy yes nss_base_passwd ou=people,ou=foo,o=ispman?one?host=%%HOST%%