Troubleshooting IBM WebSphere LDAP Security

Most LDAP connections from IBM WebSphere Application Server are configured with TLS, so the root certificate must be in the WebSphere truststore for the connection to succeed. In the past I had several issues where MS Active Directory certificates for LDAPS were only valid for one year. They were automatically recreated on the AD side, and the certificate was not using the domain root certificate but was a self-signed one.
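As an added example (not part of the original post), the shell helper below inspects the certificate an LDAPS endpoint presents and reports the two conditions described above: a self-signed certificate and an approaching expiry. It assumes the OpenSSL command line tool is installed; the function names, the verdict strings and the host name `dc01.example.test` are made up for illustration.

```shell
# Added example: inspect an LDAPS certificate before updating the WebSphere truststore.

# Fetch the leaf certificate presented on the LDAPS port as PEM (needs network access).
fetch_ldaps_cert() {  # usage: fetch_ldaps_cert HOST [PORT] > cert.pem
  openssl s_client -connect "$1:${2:-636}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Constructed sample input: a self-signed certificate valid for DAYS days,
# standing in for a certificate that was recreated on the AD side.
make_sample_cert() {  # usage: make_sample_cert OUT.pem DAYS
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
    -subj "/CN=dc01.example.test" -days "$2" -out "$1" 2>/dev/null
  rm -f "$1.key"
}

# Print one verdict line per finding for a PEM certificate file.
check_ldaps_cert() {  # usage: check_ldaps_cert CERT.pem [WARN_DAYS]
  local pem=$1 warn_days=${2:-30} subject issuer
  subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253)
  issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253)
  # Subject equal to issuer: the certificate was not issued by a separate CA,
  # so a truststore holding only the domain root will not validate it.
  if [ "${subject#*=}" = "${issuer#*=}" ]; then
    echo SELF_SIGNED
  else
    echo CA_ISSUED
  fi
  # -checkend N exits 0 when the certificate is still valid N seconds from now.
  if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
    echo EXPIRED
  elif ! openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null; then
    echo EXPIRES_SOON
  else
    echo VALID
  fi
  # Expiry date and SHA-256 fingerprint, for comparison with the truststore entry.
  openssl x509 -in "$pem" -noout -enddate -fingerprint -sha256
}
```

Against a live directory server, save the output of `fetch_ldaps_cert` to a file and pass that file to `check_ldaps_cert`; a `SELF_SIGNED` verdict means the presented certificate itself, not the domain root, is what the truststore has to contain.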
This is a companion discussion topic for the original entry at https://stoeps.de/posts/2025/websphere_troubleshooting_disable_security/