Error when trying to connect to LDAP with TLS 'LDAP Result Code 201 "ErrorNetwork": Invalid packet format'

I'm trying make an authentication service with LDAP and TLS using http://www.github.com/mavricknz/ldap
When I use only basic authentication using the following code, everything works just fine.

conn := ldap.NewLDAPConnection(ldapHost, ldapPort)
conn.NetworkConnectTimeout = time.Duration(ldapConnTimeout) * time.Millisecond
conn.ReadTimeout = time.Duration(ldapReadTimeout) * time.Millisecond
if err := conn.Connect(); err != nil {
    log.Println(err)
    resp.WriteHeader(http.StatusInternalServerError)
    return
}
defer conn.Close()
// bind to ldap
if err := conn.Bind(username, password); err != nil {
    ldaperr := err.(*ldap.LDAPError)
    if ldaperr.ResultCode == ldap.LDAPResultInvalidCredentials {
        resp.Header().Set("WWW-Authenticate", `Basic realm="Item Codes Database"`)
        resp.WriteHeader(http.StatusUnauthorized)
    } else {
        log.Println(err)
        resp.WriteHeader(http.StatusInternalServerError)
    }
    return
}

but when I try to applying TLS to my code by changing

conn := ldap.NewLDAPConnection(ldapHost, ldapPort)

to

ldap.NewLDAPTLSConnection(ldapHost, ldapPort, &tls.Config{})

It gives me an error LDAP Result Code 201 "ErrorNetwork": Invalid packet format. That error comes from method conn.Connect() which when I dig into it, it didn't even reach the point where the TLS config or TLS flag has been used.

Ok, I've found my solution. I need to change the port from ldap's 389 to ldaps' 636 because we use TLS protocol. And I also has to use method NewLDAPSSLConnection instead to establish an implicit TLS connection.

I'm not sure why NewLDAPTSLConnection does not work. It use explicit TLS which require us to establish a normal connection first (which use port 389) and then attempt to start TLS over that connection.