SSL Problem: TLS negotiation failure

by Neil Levine

I've seen this discussed in the archives but none of the solutions (or
admissions of error by the original poster) seem to apply:

I am running an Ubuntu OpenLDAP server and have a Debian client machine
with pam_ldap/libnss-ldap.

The server binds to ldap:// and ldaps://

The slapd.conf file contains the following:

 TLSVerifyClient allow
 TLSCACertificateFile /etc/ldap/foo.org.pem
 TLSCertificateFile /etc/ldap/foo.org.pem
 TLSCertificateKeyFile /etc/ldap/foo.org.pem

The client works fine when configured to connect to ldap:// with the
following config files for both /etc/pam_ldap.conf and
/etc/libnss-ldap.conf:

 base dc=foo,dc=org
 uri ldap://foo.org/
 ldap_version 3

Subsequently, I change the uri to point to ldaps://foo.org/ and add the
following lines to /etc/pam_ldap.conf and
/etc/libnss-ldap.conf:

 ssl on
 sslpath /etc/ssl/certs
 tls_cacertdir /etc/ssl/certs
 tls_checkpeer no

Running ldapsearch -x with the following /etc/ldap/ldap.conf file works
fine:

 BASE dc=foo,dc=org
 URI ldaps://foo.org
 TLS_REQCERT allow
 TLS_CACERTDIR /etc/ssl/certs

So, I restart nscd to be sure and attempt to login via ssh. However,
I get the following in the syslog of the server:

Oct  7 22:36:16 jem slapd[25824]: conn=10 fd=23 ACCEPT from
IP=192.168.0.111:46515 (IP=0.0.0.0:636)
Oct  7 22:36:23 jem slapd[25824]: conn=10 fd=23 closed (TLS negotiation
failure)

Running strace -f /usr/sbin/sshd -d seems to show lots of open calls to
the files in /etc/ssl/certs.

I look forward to receiving any assistance.

regards

Neil
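As an added illustration (not part of Neil's post), the two client settings the post toggles, tls_cacertdir and tls_checkpeer, map onto these OpenSSL-level choices: a CA directory is searched by hash-named entries, and tls_checkpeer no disables peer verification entirely. The CA directory and its file names below are constructed in a temporary directory for the demo.

```python
"""Offline check of the TLS client settings used in the post (added example,
not the poster's code). Paths and the sample CA directory are constructed."""
import os
import re
import ssl
import tempfile

# An OpenSSL-style CA directory (what a CApath / tls_cacertdir points at) is
# searched by subject-name hash, so entries must be named <8 hex>.<n>,
# e.g. 'a94d09e5.0' as produced by c_rehash. A directory holding only plain
# .pem files is silently treated as empty.
HASH_LINK = re.compile(r"^[0-9a-f]{8}\.\d+$")


def hashed_entries(capath):
    """Return the hash-named entries OpenSSL would actually consult."""
    return sorted(n for n in os.listdir(capath) if HASH_LINK.match(n))


def client_context(checkpeer, capath):
    """Build an SSL context mirroring pam_ldap's tls_checkpeer yes/no."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if checkpeer:
        # tls_checkpeer yes: require a chain rooted in capath and a
        # certificate name matching the host in the ldaps:// URI.
        ctx.check_hostname = True
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(capath=capath)
    else:
        # tls_checkpeer no: the handshake still runs, but any certificate
        # is accepted, so the CA directory is never consulted.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def demo():
    """Constructed CA directory: one hashed link beside an unhashed .pem."""
    with tempfile.TemporaryDirectory() as capath:
        open(os.path.join(capath, "foo.org.pem"), "w").close()  # ignored
        open(os.path.join(capath, "a94d09e5.0"), "w").close()  # consulted
        found = hashed_entries(capath)
        lax = client_context(False, capath)
        strict = client_context(True, capath)
        return found, int(lax.verify_mode), int(strict.verify_mode)


if __name__ == "__main__":
    print(demo())  # (['a94d09e5.0'], 0, 2)
```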