For test, I’d rather set up a SSH tunnel for the localhost:389 endpoint
I would to test from web app…
'cos by this command (without -Z options) returns the same error
ldapsearch -b dc=domain,dc=com -h ip_hostname -D uid=lanno,ou=People,dc=domain,dc=com -W