The initial certificate handling code has been implemented for TLS only. Since it works for SSL as well and may be required in some scenarious, use the code whenever any security protocol is configured.
Yes, I tested against Samba 4.7 with both SSL (LDAPS/port 636) and TLS. The CA certificate has been supplied via LdapServer::setTLSCACertFile(...) and verification enforced via LdapServer::setTLSRequireCertificate(LdapServer::TLSReqCertHard). Without this patch, only TLS works even when setting LdapServer::TLSReqCertNever since this option is ignored in the previous implementation for the SSL case. With this patch applied, SSL/LDAPS works fine too.
Normally we only give people after some patches developer access, as with this you have commit access to every KDE repos. In order to push your commit, we need your name, that we use as author of the commit.