So other applications are actually happy, but windows LDP.exe is not (Which I am okay with for now).
I am now successfully connected via LDAPS on port 3269 using LDAP intergration on Nextcloud.
Here is what I did, just in case someone else is trying to do the same...
First, get your LDAPS certificate from your zentyal domain. We will call this zentad1.domain.com.
echo -n | openssl s_client -connect zentad1.domain.com:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
You will then get a certificiate in the terminal. You want to grab everything from BEGIN CERTIFICATE to END CERTIFICATE:
-----BEGIN CERTIFICATE-----
You will get a bunch of randomized characters here.
This is your actual certificate.
-----END CERTIFICATE-----
You then want to save this somewhere else as a .pem file. In the case of my Nextcloud VM running ubuntu 16.04, this was:
/etc/ssl/certs
cd /etc/ssl/certs
sudo nano zentyalad.pem
Here you will copy and paste your cert. You can obviously use whatever text editor you want. You can then save with Ctrl + O (using nano).
once this is saved, you need to edit your openldap conf since this is what nextcloud/owncloud uses. In my particular instance, this file was located at /etc/ldap/ldap.conf
Using nano I added two lines:
TLS_CACERT /etc/ssl/certs/zentyalad.pem
CertificateFile /etc/ssl/certs/zentyalad.pem
I rebooted the server, and I was able to change LDAP to LDAPS over port 3269!
*edit*
CA and LDAPS certificates can be found here:
/var/lib/samba/private/tls