
starttls upgrades don't appear to function correctly #110

Open
daikema opened this issue Nov 6, 2018 · 1 comment

@daikema
daikema commented Nov 6, 2018

I hit a similar error with JupyterHub with an LDAP server updated to require STARTTLS where the debug logs were showing the following errors:

LDAPBindError: automatic bind not successful - confidentialityRequired

i.e. connections don't seem to be getting upgraded properly in the latest release:

Note that if I update the following line in ldapauthenticator.py

auto_bind=self.use_ssl and ldap3.AUTO_BIND_TLS_BEFORE_BIND or ldap3.AUTO_BIND_NO_TLS

to

auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND

the problem disappears. Without this modification, based on a look at the LDAP3 source, it seems to me as though the connection will never receive the starttls upgrade that the docs mention should happen with the current auto_bind setting.

use_ssl appears to be used for both creating a Server object (which triggers a connection attempt to port 636 which isn't open in my case) and for evaluating whether or not to do a starttls upgrade. Is there a need for an additional configuration option to disambiguate these?

(It's unclear to me whether or not this might be the root problem underlying #90).

It seems there's been a cosmetic change to the auto_bind formatting since the 1.2.2 release but it doesn't look to me like the underlying issue has been eliminated.

@dhirschfeld
Collaborator

Thanks for the report - I'll try to take a look in the next several days.

From your description it sounds like we may indeed need a new config option...
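
An added example, not part of the issue thread or the project's code: it contrasts the single-flag behaviour described in the report with a separated option, so that STARTTLS on port 389 becomes reachable. The `tls_strategy` option, its three values, and the `Plan`, `plan_from_issue`, `plan_separated`, `is_starttls` and `connect` names are hypothetical; ports 389 and 636 are the standard LDAP and LDAPS ports.

```python
import ssl
from dataclasses import dataclass


@dataclass(frozen=True)
class Plan:
    server_use_ssl: bool  # passed to ldap3.Server(use_ssl=...): TLS from the first byte
    port: int
    auto_bind: str        # name of the ldap3 AUTO_BIND_* constant to pass to Connection


def plan_from_issue(use_ssl: bool) -> Plan:
    """Behaviour described in the report: one flag drives both decisions."""
    auto_bind = use_ssl and "AUTO_BIND_TLS_BEFORE_BIND" or "AUTO_BIND_NO_TLS"
    return Plan(use_ssl, 636 if use_ssl else 389, auto_bind)


def plan_separated(tls_strategy: str) -> Plan:
    """Hypothetical option that names the three transport modes explicitly."""
    plans = {
        "on_connect": Plan(True, 636, "AUTO_BIND_NO_TLS"),            # LDAPS
        "before_bind": Plan(False, 389, "AUTO_BIND_TLS_BEFORE_BIND"),  # STARTTLS
        "insecure": Plan(False, 389, "AUTO_BIND_NO_TLS"),             # cleartext bind
    }
    if tls_strategy not in plans:
        raise ValueError(f"unknown tls_strategy: {tls_strategy!r}")
    return plans[tls_strategy]


def is_starttls(plan: Plan) -> bool:
    """True only for a plain connection that is upgraded before the bind."""
    return (not plan.server_use_ssl
            and plan.auto_bind == "AUTO_BIND_TLS_BEFORE_BIND")


def connect(host: str, plan: Plan, user: str, password: str):
    """Open and bind with ldap3, validating the server certificate."""
    import ldap3  # imported here so the planning logic runs without the library

    tls = ldap3.Tls(validate=ssl.CERT_REQUIRED)
    server = ldap3.Server(host, port=plan.port,
                          use_ssl=plan.server_use_ssl, tls=tls)
    return ldap3.Connection(server, user=user, password=password,
                            auto_bind=getattr(ldap3, plan.auto_bind))


if __name__ == "__main__":
    for flag in (False, True):
        print("use_ssl =", flag, "->", plan_from_issue(flag))
    print("before_bind ->", plan_separated("before_bind"))
```

With the single flag, `use_ssl=False` sends the bind without TLS and `use_ssl=True` moves the connection to the LDAPS port, so neither value yields a STARTTLS upgrade on the plain port.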
