2+ years later or 2 Debian releases later, I would have hoped these issues would be, somehow, magically, fixed by now :-(
Basically makes libpam-ldap + TLS broken with certain programs.
libnss-ldap is probably also broken, but seems you should be using libnss-ldapd these days which may (?) avoid these problems.
(I stopped using LDAP for authentication as a direct result of these problems - hardly a good selling point for Debian; so if something has changed I may not have noticed)