"ssl start_tls" is not a valid directive in the OpenLDAP ldap.conf file. It may be valid in PADL's ldap.conf file. "TLS_CACERT" is an OpenLDAP directive, and probably not a PADL directive. As is often the case, you have confused the two packages. Your problem is most likely due to your PADL nss/pam configuration, and this question belongs on the nssldap@padl.com or pamldap@padl.com mailing list, not here.
Apologies for hitting the wrong list.
-Fran