Hello,

    I’m trying to connect from the NADI plugin to my Windows Active Directory domain controllers via LDAPS and having no success. Just a little background… CentOS 7 server running PHP 7.1 and latest WordPress version. Trying to connect to Server 2012 R2 domain controllers via LDAPS. Things I’ve tried/ruled out:

    1) I’ve confirmed I have configured LDAPS fine on my domain controllers (generated/installed certs, and confirmed I’m able to use LDAPS from a different server: my Barracuda appliance). So, in general, LDAPS is prepped and ready.
    2) I’ve confirmed from my CentOS 7 WordPress server that I can reach my domain controllers over all the essential LDAP/LDAPS ports: 389, 636, 3268, 3269 by using nc (netcat).
    3) I’ve followed this guide to the best of my ability: https://active-directory-wp.com/docs/Networking/Encryption_with_TLS.html and had no success. I was able to query my domain controller for its certs just fine using the command: openssl s_client -debug -connect $DOMAIN_CONTROLLER:636 -showcerts
    4) I believe I have ruled out SELinux being the cause, as the issue happens whether in permissive mode or not.
    5) Regular LDAP without encryption works fine, so that confirms I have all my connection settings configured properly in the NADI plugin.

    Regardless of what I try, the NADI logs show that LDAPS results in a “bind to Active Directory failed” and “AD: Can’t contact LDAP server”. My best guess is that it is still struggling with my domain controller’s self-signed certificate. Again, I followed the NADI manual to the best of my ability… must be missing something… any help would be appreciated. Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
I’ve been having the same issue, but so far haven’t made any progress. Any luck yourself?

    Thread Starter sg83 (@sg83)

    Yessir. After much googling I was able to fix the problem by editing:

    /etc/openldap/ldap.conf

    And adding “TLS_REQCERT allow”

    That fixed LDAPS for me with self-signed certs.
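A note on the fix above and on the original symptom (“Can’t contact LDAP server” while `openssl s_client` connects fine): `TLS_REQCERT allow` tells the OpenLDAP client library to request the server certificate but to carry on when it is missing or fails validation, so the bind now succeeds but nothing checks that the host answering on port 636 is actually your DC; the bind password is still encrypted, just not to a verified peer. The script below is an added example, not code from this thread or from the NADI plugin. It shows the alternative a practitioner would want: trust the CA (or self-signed certificate) you already generated via `TLS_CACERT`, keep `TLS_REQCERT demand`, and prove the chain and hostname check out before touching NADI. The hostname `dc01.example.com`, the bundle path `/etc/openldap/certs/dc-ca.pem` and all function names are placeholders chosen for this example; `-verify_hostname` needs OpenSSL 1.0.2 or later (CentOS 7 ships 1.0.2).

```shell
#!/bin/sh
# Added example (not from the thread or the NADI project): replace the
# "TLS_REQCERT allow" workaround with real certificate validation.
#
# ldap.conf(5) semantics for TLS_REQCERT:
#   never  - do not even request a server certificate
#   allow  - request one, but proceed if it is missing or invalid  <- the workaround
#   try    - proceed if missing, fail if invalid
#   demand - require a valid certificate (the default); "hard" is a synonym
# With "allow", anyone who can put themselves on the path to port 636 can
# present any certificate and receive the bind credentials.

set -eu

# Hypothetical placeholders; override with environment variables for your DC.
DC_HOST="${DC_HOST:-dc01.example.com}"
DC_PORT="${DC_PORT:-636}"
CA_BUNDLE="${CA_BUNDLE:-/etc/openldap/certs/dc-ca.pem}"

# 1. Show what the DC presents (every PEM block in the chain). Use this to
#    compare against the cert/CA you generated yourself, not as a source of
#    trust: copying whatever the wire shows into CA_BUNDLE is trust-on-first-use.
fetch_dc_chain() {
    openssl s_client -connect "${DC_HOST}:${DC_PORT}" -showcerts </dev/null 2>/dev/null \
      | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# 2. Verify the chain against CA_BUNDLE and check the name matches the host
#    NADI will connect to. A wildcard (*.example.com) covers exactly one label,
#    so dc01.example.com matches but dc01.site.example.com does not.
verify_dc_cert() {
    openssl s_client -connect "${DC_HOST}:${DC_PORT}" -CAfile "$CA_BUNDLE" \
      -verify_hostname "$DC_HOST" -verify_return_error </dev/null >/dev/null 2>&1
}

# 3. Emit the hardened ldap.conf lines (output only; nothing is written).
render_ldap_conf() {
    ca="$1"
    printf '%s\n' \
        "# Trust only the CA that signed the DC certificate; refuse to bind otherwise" \
        "TLS_CACERT $ca" \
        "TLS_REQCERT demand"
}

# 4. Audit an existing ldap.conf: return 0 when TLS_REQCERT still enforces
#    validation (absent, demand or hard), 1 when it was relaxed to
#    never/allow/try. Keywords in ldap.conf are case-insensitive.
audit_ldap_conf() {
    f="$1"
    weak="$(grep -iE '^[[:space:]]*TLS_REQCERT[[:space:]]+(never|allow|try)([[:space:]]|$)' "$f" || true)"
    [ -z "$weak" ]
}

# 5. Exercise the bind path the plugin uses, with validation forced on for
#    this one run via the LDAPTLS_* environment overrides from ldap.conf(5).
#    The rootDSE is readable anonymously on AD, so no credentials are needed.
test_ldaps_bind() {
    LDAPTLS_CACERT="$CA_BUNDLE" LDAPTLS_REQCERT=demand \
      ldapsearch -H "ldaps://${DC_HOST}:${DC_PORT}" -x -b '' -s base \
        '(objectclass=*)' supportedLDAPVersion
}

main() {
    if ! verify_dc_cert; then
        echo "chain or hostname check failed for ${DC_HOST}; fix the cert, not TLS_REQCERT" >&2
        echo "certificate(s) currently served:" >&2
        fetch_dc_chain >&2
        return 1
    fi
    if ! audit_ldap_conf /etc/openldap/ldap.conf; then
        echo "warning: /etc/openldap/ldap.conf relaxes TLS_REQCERT; replace it with:" >&2
    fi
    render_ldap_conf "$CA_BUNDLE"
    test_ldaps_bind
}

# Only talk to a live DC when asked; sourcing the file just defines functions.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as `sh ldaps-check.sh run` on the WordPress host after copying the CA (or the self-signed DC certificate itself) to `CA_BUNDLE`. If `verify_dc_cert` fails while `TLS_REQCERT allow` “works”, the plugin was binding to an unverified peer; if the name check is what fails, the hostname configured in NADI must match a SAN or CN in the certificate.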

    Rats. Still no dice for me.

    Are you using a cert published by your domain controller itself? We purchased a third-party cert (GoDaddy, if that’s important).

    Thread Starter sg83 (@sg83)

    I created all my certs with OpenSSL on my CentOS 7 server. I created a wildcard cert to use on my DCs and I created a cert to use on my CentOS 7 server for my Apache virtual host.

    Have you confirmed all the basics? Disabled SELinux or set it to permissive? Confirmed from Linux directly that you can communicate with the LDAPS ports on your DCs?

    I should specify that I’m using Windows Server 2016, not Linux. Your issue sounded so similar to mine that I suppose I overlooked that, haha.


The topic ‘Issues with LDAPS’ is closed to new replies.