LDAP on RHEL7


I have been working on an issue with LDAP in our environment and wanted to pose a couple of questions about getting LDAP working properly on RHEL7 hosts.

We currently have a functional LDAP environment for some Unix/Solaris hosts that has been working for a while. However, at this point we do not have it running over SSL. All of the traffic is internal - and I realize this is not optimal.

However, when attempting to implement LDAP on Linux 7, I have been running into numerous issues. We had a scripted install, somewhat based off of the configuration of the other Unix/Solaris hosts.

At this point - I have one main question: will unsecured LDAP even work with RHEL7 at all?

One of the main reasons I ask this (aside from the issues we are having) is this article I found:

https://access.redhat.com/solutions/1198543

The resolution for this specific issue is: "In RHEL7 /etc/pam_ldap.conf has been deprecated. Instead of /etc/pam_ldap.conf use SSSD."

But this doesn't specifically say that 'SSSD' is required for LDAP to function, although it does lead me to suspect that it is. Even when I add "ldap_tls_reqcert = never" to the SSSD.CONF file, the logs still complain about TLS.

From the journal:

sssd[be[default]][16401]: Could not start TLS encryption. error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

sssd[be[default]][16401]: Backend is offline

And in sssd_nss.log:
[sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Offline]

I am attempting to troubleshoot this on an Oracle Enterprise Linux 7 server, although the problem is pretty much identical on our RedHat 7 hosts. I suspect the fix will be the same for both of them.

At this point - my primary question is if LDAP will work without TLS/SSL on RHEL7.
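
Added example, not part of the original post and not Red Hat's or SSSD's own code: a small auditor that reads an sssd.conf and reports, per LDAP domain, whether lookups would go out in cleartext and whether ldap_tls_reqcert turns off certificate verification. The sample file, its host name and the function name audit_sssd_conf are constructed; the code assumes ldap_id_use_start_tls is false and ldap_tls_reqcert is hard when unset.

```python
import configparser

# Constructed sample, not taken from the post: an LDAP domain that uses a
# plain ldap:// URI and sets ldap_tls_reqcert = never, the option the post names.
SAMPLE_SSSD_CONF = """
[sssd]
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.internal
ldap_tls_reqcert = never
"""

# ldap_tls_reqcert values under which a bad server certificate is accepted.
UNVERIFIED_REQCERT = {"never", "allow"}


def audit_sssd_conf(text):
    """Return {domain: [findings]} for LDAP transport settings in sssd.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = cp[section]
        providers = {opts.get(k, "").strip().lower()
                     for k in ("id_provider", "auth_provider")}
        if "ldap" not in providers:
            continue  # not an LDAP-backed domain
        findings = []
        # Assumed default when the option is absent: StartTLS off for lookups.
        start_tls = opts.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
        for uri in (u.strip() for u in opts.get("ldap_uri", "").split(",")):
            if uri.lower().startswith("ldap://") and not start_tls:
                findings.append(f"{uri}: identity lookups are sent in cleartext")
        # Assumed default when the option is absent: hard (certificate required).
        reqcert = opts.get("ldap_tls_reqcert", "hard").strip().lower()
        if reqcert in UNVERIFIED_REQCERT:
            findings.append(f"ldap_tls_reqcert={reqcert}: server certificate is not verified")
        report[section.split("/", 1)[1]] = findings
    return report


if __name__ == "__main__":
    for domain, findings in audit_sssd_conf(SAMPLE_SSSD_CONF).items():
        print(domain, findings or "no transport findings")
```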

Responses