The Lightweight Directory Access Protocol (LDAP) is used to read from and write to the Microsoft Active Directory service. By default, LDAP traffic is transmitted unsecured. You can secure LDAP traffic by using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) technology. You can enable LDAP over SSL (LDAPS) by installing a properly formatted certificate from a trusted certification authority (CA).
Note: LDAP over SSL/TLS = LDAPS
If an LDAPS or LDAP/StartTLS service presents a certificate that isn't signed by a known CA (e.g., a self-signed certificate), then DeepSurface will reject this certificate (unless trust on first use, or TOFU, is enabled).
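A generic model of the trust decision described above, as an added example that is not DeepSurface's own code: `probe_ldaps` reports whether an LDAPS listener's certificate chains to a trusted CA, and `decide` applies CA validation first, then TOFU pinning by SHA-256 fingerprint. The function names, the in-memory pin store, the result strings and the rejection of a certificate that changed after first use are assumptions for illustration.

```python
import hashlib
import socket
import ssl
from typing import Dict, Optional, Tuple


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def probe_ldaps(host: str, port: int = 636, cafile: Optional[str] = None,
                timeout: float = 5.0) -> Tuple[bool, bytes]:
    """Return (ca_verified, der_cert) for the certificate an LDAPS listener presents."""
    # Strict context: verifies the chain and the hostname (system store if cafile is None).
    strict = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with strict.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.getpeercert(binary_form=True)
    except ssl.SSLCertVerificationError:
        pass
    # Verification failed: reconnect without verification only to fingerprint the cert.
    lax = ssl.create_default_context()
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with lax.wrap_socket(sock, server_hostname=host) as tls:
            return False, tls.getpeercert(binary_form=True)


def decide(host: str, der_cert: bytes, ca_verified: bool,
           tofu_enabled: bool, pins: Dict[str, str]) -> str:
    """Trust decision; `pins` maps host -> fingerprint recorded on first use (assumed store)."""
    if ca_verified:
        return "accept-ca"
    if not tofu_enabled:
        return "reject-unknown-ca"
    fp = fingerprint(der_cert)
    if host not in pins:
        pins[host] = fp  # first contact: record the pin
        return "accept-tofu-first-use"
    # Later contacts must present the same certificate that was pinned.
    return "accept-tofu-pinned" if pins[host] == fp else "reject-pin-mismatch"
```

With TOFU, the first connection is the unauthenticated one, so compare the fingerprint recorded at that point against the certificate installed on the domain controller through a separate channel.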