I have a little problem with auth against LDAP. Everything works fine on the system: IMAP, POP, login, SMB, etc. But when trying to auth via a VMware service, I get this in my syslog: vmware-authd[7010]: pam_ldap: ldap_starttls_s: Connect error
When you disable SSL, does it work with a user other than root? You could maybe try to disable the verification of the server identity by putting "tls_checkpeer no" in /etc/ldap.conf:
Is it possible that you have an ldaprc file that overrides your global value? That would explain why it works with root but not with other users.
It must be in the VMware auth daemon somehow... I just don't know where... If I disable TLS, it works just fine. No ldaprc file anywhere...
Make sure hostname resolution works properly, both forward and reverse, from the VMware host, and that VMware has permissions to the appropriate key/cert files.
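The two checks suggested in the last reply (forward/reverse name resolution and read access to the TLS files named in /etc/ldap.conf) can be scripted. The following is an added example, not code from the thread; the sample config, host name and file path are constructed placeholders, and it assumes the pam_ldap-style "key value" format of ldap.conf.

```python
import os
import socket

# Directives in a pam_ldap/nss_ldap style ldap.conf that name TLS files.
TLS_FILE_KEYS = {"tls_cacertfile", "tls_cacertdir", "tls_cert", "tls_key"}

def parse_ldap_conf(text):
    """Return {directive: value} for 'key value' lines, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) == 2 else ""
    return conf

def unreadable_tls_files(conf, access=os.access):
    """TLS paths from the config that the current user cannot read."""
    return sorted(
        path for key, path in conf.items()
        if key in TLS_FILE_KEYS and not access(path, os.R_OK)
    )

def dns_mismatch(host, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Return None if forward and reverse lookups agree, else a description."""
    try:
        addr = forward(host)
        name, aliases, _ = reverse(addr)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return f"lookup failed for {host}: {exc}"
    names = {n.lower().rstrip(".") for n in [name, *aliases]}
    if host.lower().rstrip(".") not in names:
        return f"{host} -> {addr} -> {name} (reverse name differs)"
    return None

# Constructed sample config; the host name and path are placeholders.
SAMPLE = """\
# constructed example
host ldap.example.internal
ssl start_tls
tls_checkpeer yes
tls_cacertfile /nonexistent/ca.pem
"""

if __name__ == "__main__":
    conf = parse_ldap_conf(SAMPLE)
    print("unreadable:", unreadable_tls_files(conf))
    print("dns:", dns_mismatch(conf["host"].split()[0]))
```

Run it under the same account as the service that fails, with the real file contents in place of SAMPLE, since file access is evaluated for the current user.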