Check if SSL/TLS handler is already in place
Authentication against a LDAP server should always use an
encrypted connection. To acchive this the LDAP provider calls
ldap_start_tls which will fail if the connection is already
encrypted, e.g. if an ldaps tunnel is already established.
Because the error message from ldap_start_tls is not specific we
check the status with ldap_tls_inplace before calling ldap_start_tls.