the answer is not exactly. What I'm saying is that if you have SSL support in slapd.conf you can have a server operating on SSL, in other words a ldaps on port 636, or a normal ldap on port 389 with StartTLS operation enabled, or both.
What server runs on your machine is controlled by the slapd binary with the -h option. For example:
slapd -h ldap:// ldaps://
If your slapd.conf has SSL options loaded, this will launch a StartTLS capable daemon on port 389 (which is also capable of unencrypted communication) and a SSL only daemon on port 636.
Under StartTLS you are leaving the security of the system to the clients because the ldap:// is capable of unencrypted communication. If you require SSL only connections and have no direct control of user applications, load slapd with only the SSL capable daemon like so:
I haven't tried ldap connections with any of the programs you wish to use, so I can't really say anything worth while. If I have the time I'll look into it.
For now, I hope this helps.