Do not set the LdapServerPort property to 636. LdapServerPort is deprecated. See LdapServerName and LdapServerPort [Deprecated].
Configure the LdapServerName property, using an ldaps prefix, to simultaneously enable SSL protection and specify the required port number, 636:
<Mechanism Name="ldap"> <MechanismProperties LdapServerName="ldaps://myserver/" ... /> </Mechanism>