diff --git a/src/DependencyInjection/Configuration.php b/src/DependencyInjection/Configuration.php
index c91b3c53f23dd4a6e49e5ae0c2eeea5adefc7236..02cbf9683fea7f3cea5385b06c7fe77530e64ab8 100644
--- a/src/DependencyInjection/Configuration.php
+++ b/src/DependencyInjection/Configuration.php
@@ -24,6 +24,11 @@ class Configuration implements ConfigurationInterface
             ->scalarNode('base_dn')->end()
             ->scalarNode('username')->end()
             ->scalarNode('password')->end()
+            ->enumNode('encryption')
+                ->info('simple_tls uses port 636 and is sometimes referred to as "SSL", start_tls uses port 389 and is sometimes referred to as "TLS"')
+                ->values(['start_tls', 'simple_tls'])
+                ->defaultValue('start_tls')
+            ->end()
             ->end();
 
         $attributesBuilder = new TreeBuilder('attributes');
diff --git a/src/Service/LDAPApi.php b/src/Service/LDAPApi.php
index 5eeb7465bc8118009415043f5203497d9849f99e..25bfbe082f2981d9f9548a3e71af16a8081b91c4 100644
--- a/src/Service/LDAPApi.php
+++ b/src/Service/LDAPApi.php
@@ -97,8 +97,13 @@ class LDAPApi implements LoggerAwareInterface, ServiceSubscriberInterface
             'base_dn' => $config['ldap']['base_dn'] ?? '',
             'username' => $config['ldap']['username'] ?? '',
             'password' => $config['ldap']['password'] ?? '',
-            'use_tls' => true,
         ];
+
+        $encryption = $config['ldap']['encryption'];
+        assert(in_array($encryption, ['start_tls', 'simple_tls'], true));
+        $this->providerConfig['use_tls'] = ($encryption === 'start_tls');
+        $this->providerConfig['use_ssl'] = ($encryption === 'simple_tls');
+        $this->providerConfig['port'] = ($encryption === 'start_tls') ? 389 : 636;
     }
 
     public function setDeploymentEnvironment(string $env)
diff --git a/tests/PersonTest.php b/tests/PersonTest.php
index 2bea8c4f7d3de77afde4d4a24c8f410bfe95675f..d4ff57bfde31a61adec35cfa36171d70d0530d44 100644
--- a/tests/PersonTest.php
+++ b/tests/PersonTest.php
@@ -40,6 +40,7 @@ class PersonTest extends ApiTestCase
         $this->api = new LDAPApi(self::createClient()->getContainer(), $eventDispatcher);
         $this->api->setConfig([
             'ldap' => [
+                'encryption' => 'simple_tls',
                 'attributes' => [
                     'email' => 'email',
                     'birthday' => 'dateofbirth',