Some Linux distributions have enabled 'ssl start_tls' as default,
please check your /etc/ldap.conf carefully.
thanks for your help. Tracing getent passwd, i could see that ldap.conf
is first searched in /etc, then in /etc/openldap. And OpenSUSE 11.0
installs /etc/ldap.conf with the pwdutils package and
/etc/openldap/ldap.conf with the openldap package. I did all my
configuration work in /etc/openldap/ldap.conf. But /etc/ldap.conf
contains the line ssl start_tls. I´ve now removed /etc/ldap.conf and the
nss_ldap error is gone.
I will probably open a bugzilla case because it´s very annoying.