If your server supports LDAP over SSL, you can just use "ldaps://..." in the LDAP_URI. That's probably a simpler route for most people. If the server doesn't listen on port 636, then you have to use a normal "ldap://" on port 389 and call start_tls_s(). Your change looks fine to me for that case.
TLS support for LDAP authentication
Review Request #433 — Created July 1, 2008 and submitted
Add TLS support to the LDAP authentication backend. Enable by adding LDAP_TLS=True to settings_local.py. Assumes appropriate settings (certificate, etc.) in /etc/ldap/ldap.conf.
Authentication continues to work here.
Looks good. Committed as r1391.