diff --git a/library/Icinga/Protocol/Ldap/LdapConnection.php b/library/Icinga/Protocol/Ldap/LdapConnection.php
index 2b51ee4d7..af036d1b4 100644
--- a/library/Icinga/Protocol/Ldap/LdapConnection.php
+++ b/library/Icinga/Protocol/Ldap/LdapConnection.php
@@ -1179,25 +1179,7 @@ class LdapConnection implements Selectable, Inspectable
             $info = new Inspection('');
         }
 
-        $hostname = $this->hostname;
-        if ($this->encryption === static::LDAPS) {
-            $info->write('Connect using LDAPS');
-            $ldapUrls = explode(' ', $hostname);
-            if (count($ldapUrls) > 1) {
-                foreach ($ldapUrls as & $uri) {
-                    if (preg_match('/:\d+$/', $uri) === 0) {
-                        $uri = $uri . ':' . $this->port;
-                    }
-                    if (strpos($uri, '://') === false) {
-                        $uri = 'ldaps://' . $uri;
-                    }
-                }
-
-                $hostname = implode(' ', $ldapUrls);
-            } else {
-                $hostname = 'ldaps://' . $hostname . ':' . $this->port;
-            }
-        }
+        $hostname = $this->normalizeHostname($this->hostname);
 
         $ds = ldap_connect($hostname, $this->port);
 
@@ -1212,7 +1194,9 @@ class LdapConnection implements Selectable, Inspectable
         // Not setting this results in "Operations error" on AD when using the whole domain as search base
         ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
 
-        if ($this->encryption === static::STARTTLS) {
+        if ($this->encryption === static::LDAPS) {
+            $info->write('Connect using LDAPS');
+        } elseif ($this->encryption === static::STARTTLS) {
             $this->encrypted = true;
             $info->write('Connect using STARTTLS');
             if (! ldap_start_tls($ds)) {
@@ -1546,4 +1530,33 @@ class LdapConnection implements Selectable, Inspectable
         }
         return $insp;
     }
+
+    protected function normalizeHostname($hostname)
+    {
+        $scheme = $this->encryption === static::LDAPS ? 'ldaps://' : 'ldap://';
+        $normalizeHostname = function ($hostname) use ($scheme) {
+            if (strpos($hostname, $scheme) === false) {
+                $hostname = $scheme . $hostname;
+            }
+
+            if (! preg_match('/:\d+$/', $hostname)) {
+                $hostname .= ':' . $this->port;
+            }
+
+            return $hostname;
+        };
+
+        $ldapUrls = explode(' ', $hostname);
+        if (count($ldapUrls) > 1) {
+            foreach ($ldapUrls as & $uri) {
+                $uri = $normalizeHostname($uri);
+            }
+
+            $hostname = implode(' ', $ldapUrls);
+        } else {
+            $hostname = $normalizeHostname($hostname);
+        }
+
+        return $hostname;
+    }
 }