Our AD doesn't seem to support TLS so in order to have ldap traffic secured ldaps on port 636 is the only way to go. I tried tricks mentioned in FAQs such as using ldaps:// prefix but connection still failed. Not much clue is given by test tool.
My hunch is that AD usually uses a self-signed SSL cert so WP/PHP doesn't trust it. Is there any way to ignore SSL verification, especially trusted root CA?
Other diagnostic tips are appreciated.