Oracle - LDAP over SSL without OAS

First, you need to install the DBMS_LDAP package to use LDAP from an Oracle database at all:

CONNECT / AS SYSDBA
@?/rdbms/admin/catldap.sql

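Then install and configure stunnel, which accepts plain LDAP on the loopback interface and forwards it over TLS to the LDAPS port of the directory server: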

$ apt-get install stunnel
$ cat <<EOF > /etc/stunnel/ldap.conf
client = yes

[LDAPS-client]
accept  = 127.0.0.1:389
connect = ldap.example.com:636
EOF
$ sed -i.bak 's/ENABLED=0/ENABLED=1/' /etc/default/stunnel4 
$ invoke-rc.d stunnel4 restart
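
The configuration above encrypts the connection but never checks the server's certificate. The same service with verification switched on looks like this (an added example, not part of the original post; it assumes a stunnel 5.x release that supports verifyChain and checkHost, and the CA bundle path is an assumption):

```ini
; /etc/stunnel/ldap.conf -- added example, not from the original post
client = yes

[LDAPS-client]
; Plaintext side: loopback only, so the unencrypted bind never leaves the host.
accept  = 127.0.0.1:389
connect = ldap.example.com:636

; Without the three options below stunnel accepts any certificate the peer
; presents, so the tunnel can terminate at a host that is not the directory.
verifyChain = yes
; Assumption: Debian's system CA bundle. Point this at the issuing CA of your
; directory server instead if that CA is private.
CAfile      = /etc/ssl/certs/ca-certificates.crt
; The certificate must be issued for the host named in "connect".
checkHost   = ldap.example.com
```

The loopback listener is still plaintext and reachable by every local account on the database host, so the bind DN and password are only protected once they leave 127.0.0.1.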

That’s it! Let’s test our configuration:

SET SERVEROUTPUT ON

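DECLARE
    LDAPSession DBMS_LDAP.session;
    LDAPResult  PLS_INTEGER;
BEGIN
    -- Raise PL/SQL exceptions on LDAP errors instead of returning error codes
    DBMS_LDAP.use_exception := TRUE;
    -- Connect to the local stunnel listener, not to the LDAP server directly
    LDAPSession := DBMS_LDAP.init(
        hostname => '127.0.0.1',
        portnum  => 389
    );
    -- A failed bind raises an exception, so the message below is only
    -- printed when the credentials were accepted
    LDAPResult  := DBMS_LDAP.simple_bind_s(
        ld     => LDAPSession,
        dn     => 'cn=user,dc=example,dc=com',
        passwd => 'password'
    );
    DBMS_Output.put_line('User authenticated!');
    LDAPResult  := DBMS_LDAP.unbind_s(LDAPSession);
END;
/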

Hint: for testing purposes you can also use socat (verify=0 turns off server certificate verification, so keep this to test setups):

$ socat TCP-LISTEN:389,reuseaddr,fork OPENSSL:ldap.example.com:636,verify=0