I have seen the same issue where my TLS fails. I have done a lot of configuration and been running mediawiki since 1.26 in production. I can test PHP client program from my linux server to the LDAP/AD server just fine; bind and connect.
Note I have written brief php test programs to run ldap bind, ldap connect, ldaps, and ldap starttls. I test them against our AD servers fine and the only one the fails is the STARTTLS test from port 389.
Maybe the mediawiki PHP code uses STARTTLS by default and fails there?
I would like to just use port 636 and TLS and not bother with 389 or StartTLS . How do we do that?
We have legacy apps that use clear 389 and we cannot setup StartTLS on that port for a while yet. We do support TLS/636 and can use that, but mediawiki needs to support that as a unique option; more than just StartTLS.
I have ran my own php tests the same, and also the extensions/LDAPProvider/maintenance/ShowUserInfo.php and extensions/LDAPProvider/maintenance/ShowUserGroups.php and they throw the same errors.
I can run PHP tests with 'clear'/389 and TLS/636 which work , but even those fail when I try a 'StartTLS' connection.
What setting can we change to just set it at 636/TLS?
The server fails every login and gives the same odd message of port configuration error it looks like:
2020-11-25 01:15:56 wikidb: In execute()
2020-11-25 01:15:56 wikidb: Getting PluggableAuth singleton
2020-11-25 01:15:56 wikidb: Class name: MediaWiki\Extension\LDAPAuthentication2\PluggableAuth
2020-11-25 01:15:56 wikidb: ldap_connect( $hostname = 'ldap://addc02.mydomain.com:636', $port = 389 );
2020-11-25 01:15:56 wikidb: # __METHOD__ returns Resource id #893
2020-11-25 01:15:56 wikidb: Setting LDAP_OPT_PROTOCOL_VERSION to 3
2020-11-25 01:15:56 wikidb: ldap_set_option( $linkID, $option = 17, $newval = 3 );
2020-11-25 01:15:56 wikidb: # returns 1
2020-11-25 01:15:56 wikidb: Setting LDAP_OPT_REFERRALS to 0
2020-11-25 01:15:56 wikidb: ldap_set_option( $linkID, $option = 8, $newval = 0 );
2020-11-25 01:15:56 wikidb: # returns 1
2020-11-25 01:15:56 wikidb: Setting LDAP_OPT_DEREF to 1
2020-11-25 01:15:56 wikidb: ldap_set_option( $linkID, $option = 2, $newval = 1 );
2020-11-25 01:15:56 wikidb: # returns 1
2020-11-25 01:15:56 wikidb: ldap_start_tls( $linkID );
2020-11-25 01:15:56 wikidb: # returns