i would try changing the username to UPN.
:user: 'user@domain.tld'
# Ldap user able to query, if not set connects as anonymous. For
# Active Directory append the domain name. Example:
# Administrator@my.domain.com
#:user: 'admin'
#:password: 'password'
and leave encryption commented, not blank.
#:encryption: :simple_tls
here is an example you can try out