From SPP version 6.11 LDAPS protocol is supported for an Active Directory System under Assets. To enable this ensure AD is configured to serve LDAPS requests, and then tick the "Use SSL Encryption" on the General tab.
If using LDAP then Safeguard follows the standard behavior of Windows / Microsoft protocols and attempts to use the highest level of security that the connection will allow. Safeguard connects via LDAP on ports TCP/389 and TCP/3268. These connections use Kerberos / GSS-API and SASL to authenticate and encrypt LDAP communications. This is the same mechanism used by Windows desktop AD logins. Unsecured LDAP is not used.