Here's one for the shell nuts:
sudo $EDITOR /etc/ldap/ldap.conf
Add the following line:

TLS_REQCERT never

Warning: This is not completely secure, since it turns off the check of the server's certificate. There are instructions (Update: sorry, the link is dead), but it's not clear which of the two CA certificates I should use, and whichever I try, I get no useful feedback from ldapsearch even with -d 255. If you manage to use the certificates properly, I'd be grateful if you'd let me know how.

Now for the meat (replace $(whoami) with your CERN user name if it's not the same as your login):

ldapsearch -v -H ldaps://ldap.cern.ch:636 -s sub -b O=CERN,C=CH -D cn=$(whoami),ou=users,o=cern,c=ch -x -W "(uid=$(whoami))"
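
The shell functions below are an added example, not part of the original post. `weak_reqcert` reports active TLS_REQCERT lines that disable or relax certificate checking in ldap.conf-style files, and `verified_search` runs the query above with verification forced on for that one command through libldap's LDAPTLS_REQCERT and LDAPTLS_CACERT environment variables. The function names and the CA file argument are assumptions; the PEM file may hold more than one CA certificate.

```shell
#!/bin/sh
# Added example (not from the original post).

# Print every active TLS_REQCERT line that weakens server verification.
# "never" skips the check; "allow" continues even when the certificate is bad.
# Keyword and value are matched case-insensitively. Commented-out lines do
# not match because their first field is not the bare keyword.
# Returns 0 if a weak setting was found, 1 otherwise.
weak_reqcert() {
    awk '
        toupper($1) == "TLS_REQCERT" {
            v = tolower($2)
            if (v == "never" || v == "allow") {
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$@"
}

# Run the search with verification enforced for this process only, leaving
# the system-wide ldap.conf untouched.
# $1 = PEM file with the CA certificate(s) for the server (path is an assumption)
# $2 = user name (defaults to the current login)
verified_search() {
    ca=$1
    user=${2:-$(whoami)}
    [ -r "$ca" ] || { echo "CA file not readable: $ca" >&2; return 2; }
    LDAPTLS_REQCERT=demand LDAPTLS_CACERT="$ca" \
        ldapsearch -v -H ldaps://ldap.cern.ch:636 -s sub -b O=CERN,C=CH \
        -D "cn=$user,ou=users,o=cern,c=ch" -x -W "(uid=$user)"
}
```

Typical use: `weak_reqcert /etc/ldap/ldap.conf ~/.ldaprc` to audit existing settings, then `verified_search /path/to/ca-bundle.pem` in place of the plain ldapsearch call.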