You need to use secure communication between the Enforce server and the AD server.
All certificates for the AD server need to be added to the DLP Enforce server's Java cacerts file. The default path for that file is:
DRIVE:\PATH\TO\JAVA\lib\security\cacerts
The certs can be added with the Java keytool (included with Java in the bin directory) using the command below:
keytool -import -file /PATH/TO/CERTS/cert.cer -alias sldap_cert -keystore DRIVE:\PATH\TO\JAVA\lib\security\cacerts -storepass changeit
After adding all the certs, recycle the SymantecDLPManagerService and configure the AD connection to use sldap. See the screenshot below.
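
The steps above as one PowerShell script, for the case where there are several certificates to import. This is an added example, not Symantec's own tooling. The DRIVE:\PATH\TO\... values are the same placeholders used above, and the certificate folder and the per-file alias scheme are assumptions.

```powershell
# Run from an elevated PowerShell prompt on the Enforce server.
# Placeholders from the text above: replace with the real locations.
$JavaHome  = 'DRIVE:\PATH\TO\JAVA'
$CertDir   = 'DRIVE:\PATH\TO\CERTS'   # assumed folder holding the AD server's .cer files
$Keytool   = "$JavaHome\bin\keytool.exe"
$Keystore  = "$JavaHome\lib\security\cacerts"
$StorePass = 'changeit'               # default cacerts password, as in the command above

# Keep a copy of the trust store so a bad import can be rolled back.
Copy-Item -Path $Keystore -Destination "$Keystore.bak" -Force

foreach ($cert in Get-ChildItem -Path $CertDir -Filter '*.cer') {
    # One alias per certificate (assumed naming scheme); keytool rejects
    # an import under an alias that already exists in the keystore.
    $alias = 'sldap_cert_' + $cert.BaseName.ToLower()

    # Without -noprompt, keytool prints the certificate's owner, issuer and
    # fingerprints and asks for confirmation. Compare the fingerprint with
    # the value obtained from the AD administrators before answering yes.
    & $Keytool -import -file $cert.FullName -alias $alias `
        -keystore $Keystore -storepass $StorePass
    if ($LASTEXITCODE -ne 0) { throw "Import failed for $($cert.Name)" }

    # Confirm the entry is now present in the trust store.
    & $Keytool -list -alias $alias -keystore $Keystore -storepass $StorePass
    if ($LASTEXITCODE -ne 0) { throw "Alias $alias not found after import" }
}

# Recycle the manager service so it reloads the trust store.
Restart-Service -Name 'SymantecDLPManagerService'
```

If the secure connection still fails after the restart, check that the cacerts file edited here belongs to the Java installation the Enforce server actually runs on.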