by Siamak Alavi.
Hi,
We have solved this issue, posting the solution to help others in future:
first you need to do change heuristic atribute in AD (should be 000000001):
How to change : http://technet.microsoft.com/en-us/library/cc546864.aspx
why you need to change it:
http://msdn.microsoft.com/en-us/library/cc223249%28v=PROT.10%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/ms675656(v=vs.85).aspx
Finally you need to create ldap.conf contains below code
TLS_REQCERT never
and put it in below paths:
c:\ldap.conf
c:\opendlad\sysconf
restart your server