Using the dsconfigad(8) command, you can allow, disable, or require packet encryption between Active Directory clients and servers.
If packet encryption is used, packets between an Active Directory client and server are encrypted and signed using Kerberos by default. To use SSL instead, issue this command in Terminal as an admin user:
dsconfigad -packetencrypt ssl
If the server uses an untrusted certificate, you'll need to add the root and any necessary intermediate certificates to the client's System keychain using Keychain Access. If you wish to disable verification of the certificate (which should only be done for testing), you can change this line:
in /etc/openldap/ldap.conf, on the client.
For more information, you can view the dsconfigad(8) manual page by typing man dsconfigad in Terminal.
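A check to run after changing the setting, added here as an example and not part of the original article: it reads the "Packet encryption" line from dsconfigad -show output and reports whether encryption is enforced (require or ssl) rather than optional or off. The function names and the embedded sample output are constructed for illustration, and the "Key = value" layout of the -show output is an assumption.

```shell
#!/bin/sh
# Added example: audit the AD packet-encryption policy of a bound Mac.
# Assumption: `dsconfigad -show` prints settings as "  Key   = value" lines.

# Constructed sample of `dsconfigad -show` output (not captured from a real host).
SAMPLE_SHOW='Active Directory Domain          = example.com
Computer Account                 = mac01$

Advanced Options - Security
  Packet signing                 = allow
  Packet encryption              = allow'

# Read -show text on stdin; print the lower-cased value of the setting named in $1.
ad_setting() {
    awk -F' = ' -v key="$1" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        tolower(k) == tolower(key) {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v)
            print tolower(v); exit
        }'
}

# Read -show text on stdin and classify the packet-encryption policy.
# Exit status: 0 = enforced, 1 = optional or off, 2 = setting not found.
audit_packetencrypt() {
    value=$(ad_setting "Packet encryption")
    case "$value" in
        require|ssl)
            echo "PASS packet encryption = $value"; return 0 ;;
        allow|disable)
            echo "FAIL packet encryption = $value (not enforced)"; return 1 ;;
        "")
            echo "UNKNOWN no 'Packet encryption' line (is this Mac bound?)"
            return 2 ;;
        *)
            echo "UNKNOWN unexpected value: $value"; return 2 ;;
    esac
}

# Demo on the constructed sample; its value is "allow", so this reports FAIL.
printf '%s\n' "$SAMPLE_SHOW" | audit_packetencrypt || true

# On a bound Mac, feed it the real output instead:
#   dsconfigad -show | audit_packetencrypt
```

The exit status makes the function usable as a compliance check in a management script.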