ned1313 / Getting-Started-Vault

Remove StartTLS line from LDAP Config in Module4

briankohles opened this issue · comments

Hi, thanks for the good course, I enjoyed it.

I noticed that you were using startTLS=true for your LDAP config.

startTLS is only used when initiating TLS communication over a non-secure LDAP connection (389); there is no need for it when connecting over an already secure connection using SSL/TLS (636).

link to the HC Vault doc

https://www.vaultproject.io/docs/auth/ldap.html#connection-parameters

good info on SSL/TLS vs StartTLS

https://kb.sos-berlin.com/pages/viewpage.action?pageId=18778435

the two spots this is done.
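
The distinction raised in this issue, as an added example that is not part of the original issue or the course repository: a small check that classifies each server in a Vault LDAP auth config by transport and flags `starttls` set on an `ldaps://` URL. The `url` and `starttls` keys are Vault's LDAP connection parameters; the function names, sample configs and the host `ldap.example.com` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Conventional ports: 389 for ldap:// (plain, optionally upgraded), 636 for ldaps://.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def classify(url, starttls):
    """Return (transport, port, finding) for one LDAP URL and the starttls flag."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an ldap:// or ldaps:// URL: {url!r}")
    port = parts.port or DEFAULT_PORTS[scheme]
    if scheme == "ldaps":
        # TLS is negotiated before any LDAP traffic; StartTLS has nothing to upgrade.
        return "implicit-tls", port, "redundant-starttls" if starttls else "ok"
    if starttls:
        # Plain connection that is upgraded with the StartTLS extended operation.
        return "starttls-upgrade", port, "ok"
    return "cleartext", port, "no-tls"


def lint_ldap_config(config):
    """Check every URL in a Vault auth/ldap/config-style dict (hypothetical helper)."""
    starttls = str(config.get("starttls", "false")).lower() in ("true", "1")
    findings = []
    # Vault's `url` accepts several servers separated by commas.
    for url in (u.strip() for u in config.get("url", "").split(",")):
        if url:
            transport, port, finding = classify(url, starttls)
            findings.append({"url": url, "transport": transport,
                             "port": port, "finding": finding})
    return findings


# Constructed sample configs; ldap.example.com is a placeholder host.
REDUNDANT = {"url": "ldaps://ldap.example.com:636", "starttls": "true"}
CORRECTED = {"url": "ldaps://ldap.example.com:636"}
MIXED = {"url": "ldap://ldap.example.com, ldaps://ldap.example.com", "starttls": "true"}

if __name__ == "__main__":
    for name, cfg in (("redundant", REDUNDANT), ("corrected", CORRECTED),
                      ("mixed", MIXED)):
        for f in lint_ldap_config(cfg):
            print(f"{name:10} {f['url']:32} {f['transport']:17} {f['finding']}")
```

The `cleartext` result is the case worth alerting on: an `ldap://` URL without `starttls` sends bind credentials unencrypted.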