Glad to help, be aware though that TLS_REQCERT allow essentially tells the system not to validate if the server name you are calling matches the subject of the certificate.
If the LDAP server's certificate has a subject, it needs to match in the XI auth server settings exactly so it matches when comparing against the certificate, otherwise the certificate won't validate properly because that's a part of the SSL validation (whether the server name you're calling matches the subject/CN of the certificate that is received is a part of the SSL validation process).