We need to change from LDAP to LDAPS on our CUCM.
I have changed the port to 3269, do I need to tick the use TLS button?
Also, I assume this won't remove any of my users whilst we do it? I was worried about all the phones logging out?
If there are no changes to the user accounts (the UserID stays the same), you should be OK. Check this link and follow the recommendation from @Jaime Valencia AKA the guru ;)
Correct, you need to change the port and tick the TLS checkbox, assuming your LDAP servers and CUCM cluster both trust the same CA, i.e. the Tomcat cert is signed by the same CA as the LDAP server is using.
There will be no impact to users as you are still pointing to the same LDAP server using the same username mapping attribute.
It needs to be in the Tomcat-Trust, but more importantly the actual Tomcat cert needs to be signed by the common CA and not be self-signed. You can always test it by just updating the port, ticking the TLS checkbox and pressing Save, as that does not trigger any sync automatically, etc. If you get an error, it's descriptive enough to tell you it's cert related; if it saves without error, then it works.