To do SSL (TLS) encryption from the _very_ beginning of the
 connection set your port (in PINE config) to 636 (ldaps) and set
 these environment variables:

 export PINE_LDAP_BIND_DN="cn=ldap_user,o=top_level_o"
 export PINE_LDAP_BIND_PASSWD="my_password"
 export PINE_LDAP_PROTOCOL="ldaps"

 Note that TLS encryption _will_ be requested of the server each time,
 even when connecting to standard LDAP (port 389), but failure to get
 TLS (the server not supporting it) is non-fatal.

 Here are two functionally identical ways to do plain-text LDAP with
 a bind dn and password, keeping in mind that TLS will always be
 requested on insecure channels, with failure being non-fatal:

 export PINE_LDAP_BIND_DN="cn=ldap_user,o=top_level_o"
 export PINE_LDAP_BIND_PASSWD="my_password"
 export PINE_LDAP_PROTOCOL="ldap"