Redmine 3.4-stable specifies net-ldap 0.12.0 in Gemfile.
There is a known vulnerability, and an update to 0.16.0 is recommended. (CVE-2017-17718)
Redmine trunk has already been updated to 0.16.0.
Please also implement the same fix for 3.4-stable.
In Github's repository, vulnerabilities are being warned.
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
Gemfile update suggested:
net-ldap ~> 0.16.0