The LDAPAuthentication authentication method doesn't support the StartTLS extension, which lets DSpace communicate with the LDAP server over a standard TLS-secured channel.
Please note that this is a different form of communication from LDAPS, which is supported. LDAPS is a separate protocol on port 636, while LDAP over TLS is on standard LDAP port 389.
The LDAPAuthentication class is here:
An example of how to implement StartTLS is here:
StartTLS should be an optional boolean parameter in [dspace]/config/modules/authentication-ldap.conf