I've tried all the possible solutions I could find and nothing worked until I created one certificate per domain controller with the IP address in the common name.
Before, I had one certificate for all domain controllers with the different names in the subject alt name section.
Is this not supported?
Before I changed to a single certificate per DC, I always got this error in the logs.
opnsense: LDAP bind error [TLS: hostname does not match CN in peer certificate,Can't contact LDAP server]
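The error text quoted above is what an LDAP client reports when the name it was told to connect to (a DNS name or an IP literal) does not match the server certificate. The following is an added illustration, not code from OPNsense or OpenLDAP: it emulates hostname verification against a certificate in the dict shape Python's ssl.getpeercert() returns, using constructed sample certificates (the names, IPs and CN/SAN layouts are assumptions for the demo). It shows why a shared certificate whose SAN lists only DNS names cannot match a client that connects by IP address, and that an iPAddress SAN entry (or connecting by the DNS name) satisfies the check. The CN fallback rule is a simplified RFC 6125-style assumption; OpenLDAP's exact fallback behaviour may differ.

```python
"""Emulate TLS hostname verification against SAN and CN entries.

Certificates below use the dict layout of ssl.getpeercert(); all values are
constructed sample data, not taken from any real domain controller.
"""
import ipaddress


def _dns_label_match(pattern: str, host: str) -> bool:
    """Case-insensitive DNS match; a wildcard is allowed only as the entire
    leftmost label ('*.example.local' matches 'dc1.example.local', but not
    'a.b.example.local')."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def _common_name(cert: dict):
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def match_hostname(cert: dict, host: str) -> tuple:
    """Return (matched, reason).

    An IP literal can only be matched by an 'IP Address' SAN entry and a DNS
    name only by a 'DNS' SAN entry. The CN is consulted only when the
    certificate has no SAN entry of the relevant type (assumption: simplified
    RFC 6125 rule used for this demo).
    """
    san = cert.get("subjectAltName", ())
    try:
        target_ip = ipaddress.ip_address(host)
    except ValueError:
        target_ip = None

    if target_ip is not None:
        ip_sans = [v for k, v in san if k == "IP Address"]
        if ip_sans:
            ok = any(ipaddress.ip_address(v) == target_ip for v in ip_sans)
            return ok, "iPAddress SAN " + ("matched" if ok else "present, no entry equals target")
    else:
        dns_sans = [v for k, v in san if k == "DNS"]
        if dns_sans:
            ok = any(_dns_label_match(p, host) for p in dns_sans)
            return ok, "dNSName SAN " + ("matched" if ok else "present, no entry matches")

    cn = _common_name(cert)
    if cn is None:
        return False, "no usable SAN entry and no CN"
    if target_ip is not None:
        try:
            ok = ipaddress.ip_address(cn) == target_ip
        except ValueError:
            ok = False
    else:
        ok = _dns_label_match(cn, host)
    return ok, "fell back to CN " + ("and matched" if ok else "which does not match")


# Constructed sample certificates (assumed names and addresses).
SHARED_CERT = {  # one cert for all DCs, DNS names only in the SAN
    "subject": ((("commonName", "dc.example.local"),),),
    "subjectAltName": (("DNS", "dc1.example.local"), ("DNS", "dc2.example.local")),
}
PER_DC_CERT = {  # one cert per DC with the IP address in the CN, no SAN
    "subject": ((("commonName", "192.0.2.10"),),),
}
SAN_WITH_IP_CERT = {  # shared-style cert that also lists the DC's IP in the SAN
    "subject": ((("commonName", "dc1.example.local"),),),
    "subjectAltName": (("DNS", "dc1.example.local"), ("IP Address", "192.0.2.10")),
}


def demo() -> dict:
    """Run the three scenarios against a client that connects by IP."""
    return {
        "shared_by_ip": match_hostname(SHARED_CERT, "192.0.2.10"),
        "shared_by_name": match_hostname(SHARED_CERT, "dc2.example.local"),
        "per_dc_by_ip": match_hostname(PER_DC_CERT, "192.0.2.10"),
        "san_with_ip_by_ip": match_hostname(SAN_WITH_IP_CERT, "192.0.2.10"),
    }


if __name__ == "__main__":
    for scenario, (ok, reason) in demo().items():
        print(f"{scenario:18s} {'OK  ' if ok else 'FAIL'} {reason}")
```

Running the demo shows the shared certificate matching when the client uses a DNS name from the SAN but failing when it uses the IP, which is the same symptom as the logged bind error; adding the IP as an iPAddress SAN entry keeps a single certificate per DC set workable without moving the IP into the CN.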