LDAP and ldaps are not great from a security perspective. They pass password though the application which means a single compromised app will create a full breach.

Better to use OpenID which uses a single sign on portal that tells the underlying app when authentication is successful. It has a much smaller attack surface and allows for much more flexibility.