[CentOS] securing ldap with tls and security

Hello, I'm trying to set up a centos 5.3 machine to do authentication via openldap. I've got it working, I'm not sure if I have it 100% right, but I can use ldapsearch to query the directory, use finger, id, chown, and other utilities with ldap usernames and groups, log in via ssh as an ldap user and if it's a new user automatically have the home directory created.

Having got this far if anyone with a working ldap authentication system could give my config a sanity check let me know. My goal now is to get tls encryption going so that usernames and passwords aren't sent in the clear. I'm using self-signed certificates for now.

Any help appreciated. Thanks. Dave.