ldap: allow specifying the encryption used

So the user can decide between SSL/TLS.
We still default to encryption on and use the default ports since
no one required something different until now and
to not bloat the config.

src/DependencyInjection/Configuration.php

@@ -24,6 +24,11 @@ class Configuration implements ConfigurationInterface
             ->scalarNode('base_dn')->end()
             ->scalarNode('username')->end()
             ->scalarNode('password')->end()
+            ->enumNode('encryption')
+                ->info('simple_tls uses port 636 and is sometimes referred to as "SSL", start_tls uses port 389 and is sometimes referred to as "TLS"')
+                ->values(['start_tls', 'simple_tls'])
+                ->defaultValue('start_tls')
+            ->end()
             ->end();
 
         $attributesBuilder = new TreeBuilder('attributes');

src/Service/LDAPApi.php

@@ -97,8 +97,13 @@ class LDAPApi implements LoggerAwareInterface, ServiceSubscriberInterface
             'base_dn' => $config['ldap']['base_dn'] ?? '',
             'username' => $config['ldap']['username'] ?? '',
             'password' => $config['ldap']['password'] ?? '',
-            'use_tls' => true,
         ];
+
+        $encryption = $config['ldap']['encryption'];
+        assert(in_array($encryption, ['start_tls', 'simple_tls'], true));
+        $this->providerConfig['use_tls'] = ($encryption === 'start_tls');
+        $this->providerConfig['use_ssl'] = ($encryption === 'simple_tls');
+        $this->providerConfig['port'] = ($encryption === 'start_tls') ? 389 : 636;
     }
 
     public function setDeploymentEnvironment(string $env)

tests/PersonTest.php

@@ -40,6 +40,7 @@ class PersonTest extends ApiTestCase
         $this->api = new LDAPApi(self::createClient()->getContainer(), $eventDispatcher);
         $this->api->setConfig([
             'ldap' => [
+                'encryption' => 'simple_tls',
                 'attributes' => [
                     'email' => 'email',
                     'birthday' => 'dateofbirth',