For anyone who is interested, Apple didn't want to know about the problem and suggested it was a problem with my "server settings". I got bounced around departments a bit, didn't speak to anyone who even knew what LDAP meant. The issue got "escalated" to an engineer. They said it was not an iOS issue...
OK. Finally got this working. Here is what I did:
1. iOS doesn't support self-signed certificates, so I got a cert from GoDaddy
2. Imported that into my CA
3. Created a sub domain (ldaps.domain.co.uk) pointing to the public IP address of my server with Active Directory on it (DNS through webhosting).
4. Opened up port 389 on my firewall (for LDAPS, iOS still uses port 389, not 636) and forwarded it to my Active Directory server.
5. On iPhones I used ldaps.domain.co.uk for the LDAP server location and turned on SSL. Also used domain\user for account.
6. Set up the search base.
7. Used Wireshark to ensure packets are definitely encrypted.
All works - Happy Day
Sorry, but what you say is wrong. I use a self-signed certificate with my own CA and it works.
Last summer (September/October), I worked on this topic, to get my iPhone to connect to my LDAP server with encryption.
Turning on the SSL option switched the connection to port 636/tcp.
I used iOS 5
Yesterday I decided to restart my LDAP server (I'm a geek, sorry, it's just a personal LDAP server), and had a hard time this morning debugging it. tcpdump showed no sign of packets, although an LDAP connection without SSL worked. I was thinking it was a NAT problem, but no.
The flow goes to port 389/tcp in both cases and uses STARTTLS with SSL enabled. I have iOS 6.1.2.
So, to me, how LDAP with SSL works depends on your firmware version. You probably expected the flow to arrive on port 636/tcp, whereas it arrived on port 389/tcp and got dropped by your firewall.
I always read (on my iPhone) what the new features are before upgrading my iOS firmware version, and I don't remember reading that they would change the LDAP SSL behaviour.
The iPhone is even more confusing because it says something like "Use SSL" (I translate it from French).
LDAP over SSL uses port 636/tcp, so this was correct in iOS 5; now that it's using port 389/tcp it should be written "use TLS"! So it's Apple misleading the users in their configuration.
Happy day =)
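The two posts above disagree about the port because they are describing two different mechanisms: LDAPS on 636/tcp starts with a TLS handshake straight away, while STARTTLS on 389/tcp starts as cleartext LDAP and only switches to TLS after the client sends an ExtendedRequest with OID 1.3.6.1.4.1.1466.20037. The following is an added example (not code from either poster) that classifies a connection from the first client bytes on the socket, which is what the tcpdump and Wireshark steps were doing by eye. The three sample payloads are constructed here for illustration, and the BER decoder is a minimal one assumed sufficient for these first messages (message IDs below 128, definite lengths only).

```python
"""Classify the first client bytes of an LDAP session as LDAPS (implicit TLS),
a STARTTLS request on a plain LDAP socket, or cleartext LDAP.

Purpose: decide which firewall port actually needs to be open (636 for LDAPS,
389 for STARTTLS) and spot binds that were never encrypted at all.
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # RFC 4511 / RFC 4513 StartTLS extended operation


def ber_len(body: bytes) -> bytes:
    """Encode a BER definite length: short form below 128, long form otherwise."""
    n = len(body)
    if n < 0x80:
        return bytes([n])
    enc = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(enc)]) + enc


def tlv(tag: int, body: bytes) -> bytes:
    """Build one BER tag-length-value element (used to construct the samples)."""
    return bytes([tag]) + ber_len(body) + body


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER TLV at buf[pos]; returns (tag, value, next_pos).

    Handles short and long definite lengths; raises ValueError on truncation.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def classify(payload: bytes) -> str:
    """Return what the first client bytes of a TCP stream look like."""
    if not payload:
        return "empty"
    # TLS record header: content type 0x16 (handshake), major version 3,
    # and the handshake message type at offset 5 is 1 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls-client-hello"            # LDAPS: encrypted from the first byte
    try:
        tag, msg, _ = read_tlv(payload)      # LDAPMessage ::= SEQUENCE
        if tag != 0x30:
            return "unknown"
        id_tag, _, pos = read_tlv(msg)       # messageID INTEGER
        if id_tag != 0x02:
            return "unknown"
        op_tag, op, _ = read_tlv(msg, pos)   # protocolOp CHOICE
        if op_tag == 0x77:                   # [APPLICATION 23] ExtendedRequest
            name_tag, name, _ = read_tlv(op) # requestName [0] LDAPOID
            if name_tag == 0x80 and name.decode("ascii", "replace") == STARTTLS_OID:
                return "ldap-starttls-request"  # cleartext now, TLS after the response
            return "ldap-extended-request"
    except ValueError:
        return "unknown"
    if op_tag == 0x60:                       # [APPLICATION 0] BindRequest, no TLS at all
        return "ldap-bind-cleartext"
    return "ldap-cleartext"


def ldap_message(msg_id: int, protocol_op: bytes) -> bytes:
    """Wrap a protocolOp in an LDAPMessage (constructed sample helper)."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + protocol_op)


# Constructed sample payloads, one per mode the thread describes.
SAMPLES = {
    # What an iOS 6 style client sends first on port 389 with "Use SSL" on.
    "starttls_on_389": ldap_message(1, tlv(0x77, tlv(0x80, STARTTLS_OID.encode()))),
    # Anonymous simple bind (version 3, empty name, simple [0] empty password).
    "cleartext_bind": ldap_message(1, tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b""))),
    # Start of a TLS 1.x record carrying a ClientHello, as seen on port 636
    # (only the record and handshake headers matter for the check above).
    "ldaps_on_636": bytes.fromhex("160301002a01000026") + b"\x03\x03" + bytes(32),
}


def summarize() -> dict:
    """Classify every constructed sample; returns {name: classification}."""
    return {name: classify(payload) for name, payload in SAMPLES.items()}


if __name__ == "__main__":
    for name, kind in summarize().items():
        print(f"{name:18s} -> {kind}")
```

To use it on a real capture, export the first client-to-server bytes of the stream (for example from Wireshark's "Follow TCP stream" view) and pass them to classify(). A result of ldap-starttls-request explains the behaviour the second poster saw: the firewall has to allow 389/tcp even though everything after the StartTLS response is encrypted. A result of ldap-bind-cleartext on a connection that was supposed to be protected is the misconfiguration to fix, since the credentials are on the wire in the clear.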