• openVPN authentication to Okta LDAP

    OpenVPN
    1
    0 Votes
    1 Posts
    617 Views
    No one has replied
  • LDAP Auth and FreeIPA 4.9.6

    Documentation
    6
    2 Votes
    6 Posts
    4k Views

    I found my issue: the group membership attribute should be "memberOf" instead of member as posted by OP.

  • 0 Votes
    3 Posts
    1k Views

    @fly_tagart Hello,

    Could you explain your solution in a bit more detail?
    I am facing the same problem.

    That is, with LDAP I have no issues, everything works correctly. But as soon as I switch to LDAPS, nothing works.

    I tried to:

    Create the certificate from the pfsense (completely)
    Create a CA on the AD and import it on the pfsense

    Nothing works. Analysing the packets with Wireshark, I see "CA unknown"

    Thank you
    Have a nice day

  • LDAPS sometimes works sometimes doesn't

    webGUI
    2
    0 Votes
    2 Posts
    721 Views

    It seems to be solved.
    Found a topic saying that when a change from ldap to ldaps happens, a 16) Restart PHP-FPM is required.

    In case it happens again I'll post here, thanks.

  • LDAPs with Self Signed CA (Active Directory)

    OpenVPN
    2
    0 Votes
    2 Posts
    2k Views

    I spent hours digging into the ldaps connection issues I had through the GUI on pfsense. I used openssl s_client in the shell to determine where the issue was with the verification of the CA.

    openssl s_client -CAfile /etc/ssl/file.pem hostnamehere:636

    Anytime I specified the CA file location openssl returned no errors... so I was perplexed why it wasn't working in the GUI. I eventually ran across this post and I am very grateful:

    https://forum.netgate.com/topic/145578/ldaps-ad-bind/21

    Essentially after changing the LDAP authentication server to LDAPS on port 636 you MUST restart php-fpm. I did this by running option 16 in the console.

    I am currently on 2.4.5

    I hope this post helps someone else if they find themselves in this situation.