The Jenkins LDAP-Plugin doesn't support the LDAP StartTLS extension that we would need to access our LDAP server. See also this discussion on the mailing list: http://jenkins.361315.n4.nabble.com/StartTLS-td372639.html
I have investigated a bit to check what would be needed to support that feature, and it seems that the version of acegi-security that Jenkins uses is too old. Spring-ldap supports StartTls since version 1.3.0 (which is part of Spring 3.0).
I have also voted for
JENKINS-5303 to upgrade acegi-security.