Just to follow up on this. You need to have an SSL certificate on the LDAP server you are binding against in order for the SSL/TLS to work. This obviously requires certificate services, IIS, etc. to be configured on the domain, so if that isn't there, it needs to be added.
The only other thing to note is that even with authentication enabled, this still doesn't actually do the authentication for UM Advanced. The user still needs to put their username and password (every time that they are forced to change it) into the MAS portal in order for Advanced UM to work.