That’s true.
With StartTLS it’s just ldap:// too,
To test starttls:
ldapsearch -Z -D CN=admin,CN=Users,DC=ad,DC=domain,DC=tld -w <PASSWORD> -b CN=Users,DC=ad,DC=domain,DC=tld -h <NSDC IP>
To test ssl:
ldapsearch -D CN=admin,CN=Users,DC=ad,DC=domain,DC=tld -w <PASSWORD> -b CN=Users,DC=ad,DC=domain,DC=tld -H ldaps://ad.domain.tld