Sorry for the confusion. I posted the right config for AD (screenshot); you just need SSL and port 636, no matter if VPN or not.
I just found the old LDAP thread and wanted to link it here because it’s a similar topic.
EDIT:
You may need a valid certificate or disable strong auth: