[ZBXNEXT-4519] Cannot bind ldap server: authentication failed Created: 2018 Apr 24  Updated: 2023 May 11

Status: Open
Project: ZABBIX FEATURE REQUESTS
Component/s: Appliance (L), Server (S)
Affects Version/s: 3.0.15
Fix Version/s: None

Type: Change Request Priority: Major
Reporter: Zhou Zhenhua Assignee: Zabbix Support Team
Resolution: Unresolved Votes: 3
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Zabbix was installed on CentOS 6.8 and needs to bind to the LDAP server on Windows Server 2008 R2 Enterprise.


Attachments: PNG File ldap conect test script.png     PNG File zabbix.png    

 Description   

Our Zabbix component was installed on CentOS 6.8, and we need to bind LDAP information from Windows Server 2008 R2 Enterprise. We could get user accounts from the Windows server, but cannot bind to the LDAP server in Zabbix; it said unable to bind to server, invalid credentials, login name or password is incorrect.



 Comments   
Comment by Alexey Pustovalov [ 2018 May 10 ]

Do you use any special characters in the login name or password?
Are you able to connect to the LDAP server from the Frontend server shell using the ldapsearch command?

Comment by Andrew Twemlow [ 2018 May 29 ]

Have you tried it without ldap:// for the LDAP host? We don't have that in our working configuration.
Do you also have php-ldap installed for the version of PHP running on your web server?

Comment by Damian Ferrari [ 2019 Jun 13 ]

I have the same problem with Zabbix Server 4.2.3 and AD on Windows 2016. I've tried many times with all recommended parameters but no luck. A connection test from a PHP script works.

Comment by Dave Johnson [ 2022 Mar 09 ]

There is a small risk that I am missing something here, as I am really brand new to Zabbix, so I apologize upfront if I stir the pot. Still, I reckon that this is probably the right thing to do, as Microsoft has shifted to requiring channel signing to attach to LDAP now (using certificates).

I felt the need to interject as I had to go through and generate some certs for Linux machines (via sssd) and some apps (including postgres) to use ldaps and have the cert with private key authenticate into our AD. This is the method we use for querying AD when you are not joined to the domain. The certs need to be set up in AD to allow secure LDAP / AD access to the records in AD. Here are some additional notes on Microsoft getting people to migrate towards ldaps for years:

In Aug 2019, Microsoft released "Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing":
   https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV190023

   That post includes the following link:
    https://docs.microsoft.com/en-US/troubleshoot/windows-server/identity/enable-ldap-signing-in-windows-server

Some documentation I referred to that helped me create the certs and perm them in AD:
   https://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx
   https://techcommunity.microsoft.com/t5/sql-server-blog/step-by-step-guide-to-setup-ldaps-on-windows-server/ba-p/385362

I saw this recent post, which may help too (I didn't use this, looks to be more for AD "auth use"):
   https://bl.ocks.org/magnetikonline/0ccdabfec58eb1929c997d22e7341e45

==

Now with the above said, can Zabbix:

a) authenticate against LDAP with a certificate? (more universal and probably recommended)
b) piggyback off the local machine's auth (i.e. via sssd) somehow? (probably easier through some PAM configuration, but is going to be restrictive to Unix rev/sssd versions).

Again, there is a small possibility I have this wrong as I am new to Zabbix, but from what I read here and currently understand, Zabbix "should" have a proper way of authenticating into AD using a cert, right?
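
An added example, not part of the thread or of Zabbix: a shell helper that reads the error text from the `ldapsearch` bind test suggested in the comments and separates the Active Directory conditions reported as "invalid credentials" from the LDAP signing rejection raised in the last comment. The function name, the host and account placeholders, and the sample error texts (including their DSID values) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Feed it the stderr of a failed simple bind, e.g. (placeholders):
#   ldapsearch -x -H ldap://dc.example.com -D 'user@example.com' -W \
#       -b 'dc=example,dc=com' -s base 2>&1 | classify_ldap_bind_error
classify_ldap_bind_error() {
    err=$(cat)
    case $err in
        *"Strong(er) authentication required"*|*"integrity checking"*)
            # Result 8: the DC enforces LDAP signing and refuses a simple bind
            # on an unencrypted connection, whatever the password.
            echo "signing-required: use ldaps:// or StartTLS for the bind"
            return 0 ;;
        *"Can't contact LDAP server"*)
            echo "unreachable: check host, port, firewall and TLS trust"
            return 0 ;;
    esac
    # Result 49 hides several AD conditions; the hex "data NNN" sub-code
    # in the additional info tells them apart.
    sub=$(printf '%s\n' "$err" |
        sed -n 's/.*AcceptSecurityContext error, data \([0-9a-f]*\),.*/\1/p' |
        head -n 1)
    case $sub in
        525) echo "no-such-user: bind account not found" ;;
        52e) echo "bad-credentials: wrong password or bind name format" ;;
        530|531) echo "logon-restricted: logon hours or workstation limit" ;;
        532) echo "password-expired: password must be renewed" ;;
        533) echo "account-disabled: bind account is disabled" ;;
        701) echo "account-expired: bind account has expired" ;;
        773) echo "must-change-password: reset required at next logon" ;;
        775) echo "account-locked: too many failed logons" ;;
        *)   echo "unknown: no AD sub-code found in the error text" ;;
    esac
}

# Constructed sample error texts (DSID and version values are made up).
SAMPLE_BAD_CREDS='ldap_bind: Invalid credentials (49)
	additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580'
SAMPLE_LOCKED='ldap_bind: Invalid credentials (49)
	additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 775, v2580'
SAMPLE_SIGNING='ldap_bind: Strong(er) authentication required (8)
	additional info: 00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580'

for s in "$SAMPLE_BAD_CREDS" "$SAMPLE_LOCKED" "$SAMPLE_SIGNING"; do
    printf '%s\n' "$s" | classify_ldap_bind_error
done
```

A `signing-required` result means the bind is rejected before the password is evaluated, so changing credentials in the frontend will not help until the connection itself is protected.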
