Just note that using SSL over port 636 is not a defined protocol, and
may go away in the future. Avoidance of its use when possible recommended.
- IMO StartTLS ext. op. is flawed because there's no way to mandate the
use of it before a misbehaving LDAP client has a chance to send
credentials on the wire.
- Also StartTLS ext. op. is rarely supported by LDAP clients.
=> If the OpenLDAP developers were really crazy enough to remove support
for LDAPS from OpenLDAP I'd kick OpenLDAP out of my business