AD secrets engine LDAPS authentication error

I am trying to enable the AD secrets engine over LDAPS and am running into an error. I am using a PEM-encoded root certificate for the secure authentication.

LDAP Result Code 53 "Unwilling To Perform": 0000001F: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0

I don’t see any debug information anywhere to further troubleshoot this issue. I see in the Vault docs that this error is mentioned as something insecure LDAP can cause. I am using the ldaps protocol with valid certs (the LDAP authentication plugin also works over ldaps successfully).
I tried almost all possible combinations. I tried with a password_policy in case AD is rejecting the password changes over the password policy. However, it's working when I use ldap.

It would be a great help if someone can shed some light on this issue.
Vault version: 1.6.0


Just in case this is useful for anyone, I was getting the same error and in my case I was missing the “s” in ldap.

url = "ldaps://
insecure_tls = "true"
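
An added example, not part of either post above and not Vault's own code: a small Python check of the two settings this thread turns on, the URL scheme and `insecure_tls`, in an AD secrets engine config. The host names and PEM body are constructed, `check_ad_config` is a hypothetical helper, and the accepted boolean spellings are an assumption.

```python
from urllib.parse import urlparse

def _truthy(value):
    # Assumption: booleans may arrive as strings such as "true", as in the reply above.
    return str(value).strip().lower() in ("1", "t", "true")

def check_ad_config(cfg):
    """Return findings for a dict holding AD secrets engine config fields."""
    findings = []
    # The url field may hold several comma-separated servers.
    urls = [u.strip() for u in str(cfg.get("url", "")).split(",") if u.strip()]
    if not urls:
        findings.append("url: not set")
    starttls = _truthy(cfg.get("starttls", False))  # StartTLS also encrypts the session
    for u in urls:
        scheme = urlparse(u).scheme.lower()
        if scheme == "ldap" and not starttls:
            findings.append(f"url: {u} is unencrypted; AD refuses password changes "
                            "on it (LDAP result code 53)")
        elif scheme not in ("ldap", "ldaps"):
            findings.append(f"url: {u} has unexpected scheme {scheme!r}")
    if _truthy(cfg.get("insecure_tls", False)):
        findings.append("insecure_tls: server certificate is not verified; "
                        "set 'certificate' to the CA PEM instead")
    cert = str(cfg.get("certificate", "")).strip()
    if cert and not cert.startswith("-----BEGIN CERTIFICATE-----"):
        findings.append("certificate: value is not a PEM-encoded certificate")
    return findings

if __name__ == "__main__":
    # Constructed sample configs; dc01.example.test is a placeholder host.
    samples = {
        "missing s": {"url": "ldap://dc01.example.test", "insecure_tls": "true"},
        "ldaps + CA": {"url": "ldaps://dc01.example.test",
                       "certificate": "-----BEGIN CERTIFICATE-----\nMIIB...\n"
                                      "-----END CERTIFICATE-----"},
    }
    for name, cfg in samples.items():
        print(name, "->", check_ad_config(cfg) or "ok")
```

With the CA certificate supplied in `certificate`, `insecure_tls` can stay off and the LDAPS connection is still verified.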