The default LDAP configuration in some distributions (in this case Fedora 16) requires certificate checks when binding in a TLS session. This breaks tl-ldap-certalias in certain circumstances.
The problem is that this is inconsistent with TLNC behaviour, which sets TLS_REQCERT to 'never' in tl_nds_common. This is probably not the most secure behaviour, but perhaps we should consider being consistent either way.
Related: bug 1575
This bug fails to explain what the difference is compared to bug 1575. Closing as a duplicate.
*** This bug has been marked as a duplicate of bug 1575 ***