This is a tested and working version of our LDAP server.
After a couple of days of my friend and me banging our heads against the wall to find out why SSL wasn’t working in LDAP, we finally got it.
Here is the resulting configuration:
On the server side, we must include these lines so that clients can read the cert files; add them to /etc/ldap/slapd.conf
TLSCertificateFile /etc/apache2/ssl/ssl-server.pem
TLSCertificateKeyFile /etc/apache2/ssl/ssl-server.key
TLSCipherSuite ALL
TLSVerifyClient never
On the client side, it’s a bit trickier.
Let's edit /etc/pam_ldap.conf and add or change these lines:
host ldap.example.com # must be the FQDN used in the cert file
base ou=ldap,dc=example,dc=com # the ldap base directory
uri ldaps://10.10.1.123:636 # the ip address of the ldapserver, mentioning the ldaps port 636.
ldap_version 3 # we’re going to use ldap version 3
port 636 # and port 636
scope sub
bind_policy soft
pam_filter objectclass=posixAccount # account type to filter for in the ldap directory
pam_filter active=1 # So only active users could log on.
pam_password exop # external operation, server will convert the password into the stored format.
nss_base_passwd ou=People,ou=hng,dc=av,dc=it,dc=pt?one
nss_base_shadow ou=People,ou=hng,dc=av,dc=it,dc=pt?one
nss_base_group ou=groups,ou=hng,dc=av,dc=it,dc=pt?one
ssl on # we must turn on ssl
tls_checkpeer no # don't let TLS check the peer (server) certificate
tls_ciphers TLSv1 # we’re using the TLSv1 ciphers
tls_reqcert allow # we have to allow tls to ask for cert files to the server
pam_sasl_mech PLAIN # since we’re going over ssl no point in encrypting the data, so we’ll send it plain.
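Several of the client settings above (tls_checkpeer no, tls_reqcert allow, an IP address in the uri while the certificate is issued for the FQDN) make the connection work precisely because the client stops verifying who it is talking to. The following is an added example, not part of the original post: a small checker that parses pam_ldap.conf key/value lines and flags the settings that disable server certificate verification. The two sample configs are constructed from the post (the hardened one with an assumed CA path, /etc/ssl/certs/ldap-ca.pem); the function names are my own.

```python
"""Added example (not from the original post): lint a pam_ldap.conf for TLS
settings that turn off server verification.  Both sample configs below are
constructed; the CA file path in the hardened one is an assumption."""

# Constructed sample: the client-side settings from the post, as written.
SAMPLE_PAM_LDAP_CONF = """\
host ldap.example.com # must be the FQDN used in the cert file
uri ldaps://10.10.1.123:636
ldap_version 3
port 636
ssl on
tls_checkpeer no
tls_ciphers TLSv1
tls_reqcert allow
pam_sasl_mech PLAIN
"""

# Constructed hardened counterpart: same service, but the client verifies the
# server certificate against a trust anchor and connects by the cert's FQDN.
HARDENED_PAM_LDAP_CONF = """\
host ldap.example.com
uri ldaps://ldap.example.com:636
ldap_version 3
port 636
ssl on
tls_checkpeer yes
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/ldap-ca.pem   # assumed path to the issuing CA
pam_sasl_mech PLAIN
"""


def parse_pam_ldap_conf(text):
    """Return {key: value} for each non-comment line.  pam_ldap keys are
    single-valued, so a repeated key keeps only the last occurrence here."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings[key] = value
    return settings


def _uri_host(uri):
    """Extract the host part of an ldap:// or ldaps:// URI (no scheme, port or path)."""
    rest = uri.split("://", 1)[1] if "://" in uri else uri
    return rest.split("/", 1)[0].split(":", 1)[0]


def check_tls_settings(settings):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []
    if settings.get("ssl", "off").lower() not in ("on", "start_tls"):
        findings.append("ssl is off: bind credentials cross the network in clear text")
    if settings.get("tls_checkpeer", "").lower() == "no":
        findings.append("tls_checkpeer no: the server certificate is never verified, "
                        "so any host answering on 636 is accepted")
    reqcert = settings.get("tls_reqcert", "").lower()
    if reqcert in ("never", "allow"):
        findings.append("tls_reqcert %s: a missing or invalid server certificate is accepted" % reqcert)
    if "tls_cacertfile" not in settings and "tls_cacertdir" not in settings:
        findings.append("no tls_cacertfile/tls_cacertdir: there is no trust anchor to verify the server against")
    uri_host = _uri_host(settings.get("uri", ""))
    cert_host = settings.get("host", "")
    if uri_host and cert_host and uri_host != cert_host and uri_host.replace(".", "").isdigit():
        findings.append("uri connects to %s but the certificate is issued for %s; "
                        "hostname verification cannot succeed once enabled" % (uri_host, cert_host))
    return findings


if __name__ == "__main__":
    for name, text in (("post", SAMPLE_PAM_LDAP_CONF), ("hardened", HARDENED_PAM_LDAP_CONF)):
        print("== %s ==" % name)
        for finding in check_tls_settings(parse_pam_ldap_conf(text)) or ["no findings"]:
            print(" -", finding)
```

The checker keeps the last value for a repeated key, which is also why the two pam_filter lines in the post do not both apply: pam_filter is a single setting, so filtering on both attributes needs one combined LDAP filter, `(&(objectClass=posixAccount)(active=1))`.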