If you are using a certificate, then you need it on the Linux server (docker image) as the post above mentions. If you do not have a certificate, what happens is the same as what happens when you self-sign a certificate for a website and try to access it.
The configuration on the LDAP client side, when set to never (OpenLDAP 2.1 Administrator's Guide: Using TLS), basically says: well, click “advanced” and let's move on as it is.
But that will only work if the server (your AD) is OK with that (see “TLSVerifyClient” in the OpenLDAP 2.1 Administrator's Guide: Using TLS).
While we never had to tell a customer needing to do this, I would suggest you look at your AD configuration and logs to understand exactly what is going on. I repeat, we never had a customer that could not solve an LDAP issue (the exception is those using Google LDAP services).
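
Added example, not part of the post above or of any product's code: a small check that reads an OpenLDAP client configuration (ldap.conf syntax) and reports what the `TLS_REQCERT` level means for server certificate checking. The function names, host name and file path are assumptions made for the illustration, and both sample configs are constructed.

```python
# Severity and meaning of each TLS_REQCERT level, as documented in ldap.conf(5).
LEVELS = {
    "never":  ("high", "server certificate is not requested or checked"),
    "allow":  ("high", "a missing or bad server certificate is ignored"),
    "try":    ("medium", "a missing certificate is accepted, a bad one is rejected"),
    "demand": ("ok", "a valid server certificate is required"),
    "hard":   ("ok", "a valid server certificate is required"),
}

# Constructed sample configs (hypothetical host and path).
WEAK = "URI ldaps://ad.example.internal\nTLS_REQCERT never\n"
HARDENED = ("URI ldaps://ad.example.internal\n"
            "tls_reqcert demand\n"
            "TLS_CACERT /etc/ssl/certs/ad-issuing-ca.pem\n")

def parse_ldap_conf(text):
    """Return {OPTION: value}. Option names are case-insensitive and lines
    starting with '#' are comments. If an option repeats, this example keeps
    the last value seen (an assumption, not documented libldap behaviour)."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return options

def audit(text):
    """Return a list of (severity, message) findings for one config."""
    opts = parse_ldap_conf(text)
    level = opts.get("TLS_REQCERT", "demand").lower()  # demand is the default
    if level not in LEVELS:
        return [("high", f"unknown TLS_REQCERT value {level!r}")]
    severity, meaning = LEVELS[level]
    if severity != "ok":
        return [(severity, f"TLS_REQCERT {level}: {meaning}")]
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        # Verification is on, but no CA file or directory is named here.
        return [("info", "no TLS_CACERT/TLS_CACERTDIR set; the CA that issued "
                         "the AD certificate must be trusted some other way")]
    return []

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf))
```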