Comment 3 for bug 1544355

Thanks for creating a the fix.

The CA chain field is dependent on settings:ldap.use_tls.value == true. This is not correct.
in ldap setting you may have ldaps://ldap server URL but tls disabled. This means ssl protocol will be used instead of tls and CA chain still may be needed.

The variable name tls_cacertfile may be confusing at this point but it still valid use case. This two options should be independent on each other.