LDAP integration

I’ve got LDAP configured and it can see all the accounts in my Windows AD domain. However, when I attempt to log in with one of these accounts I receive the following error message:

Internal Server Error
The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the server log.

Technical details
Request ID: ZAnx6sMLZqYrbCqePsUH

This error occurs whether I use a real account or a fake one. Only the admin account can log in.
If I search through the log I see the following entry tied to that request ID:

Error OC\ServerNotAvailableException: Lost connection to LDAP server.
/var/www/nextcloud/apps/user_ldap/lib/LDAP.php - line 368: OCA\User_LDAP\LDAP->processLDAPError(Resource id #78)
/var/www/nextcloud/apps/user_ldap/lib/LDAP.php - line 295: OCA\User_LDAP\LDAP->postFunctionCall()
/var/www/nextcloud/apps/user_ldap/lib/LDAP.php - line 46: OCA\User_LDAP\LDAP->invokeLDAPMethod(*** sensitive parameters replaced ***)
/var/www/nextcloud/apps/user_ldap/lib/Connection.php - line 614: OCA\User_LDAP\LDAP->bind(*** sensitive parameters replaced ***)
/var/www/nextcloud/apps/user_ldap/lib/Connection.php - line 539: OCA\User_LDAP\Connection->bind(*** sensitive parameters replaced ***)
/var/www/nextcloud/apps/user_ldap/lib/Connection.php - line 172: OCA\User_LDAP\Connection->establishConnection()
/var/www/nextcloud/apps/user_ldap/lib/Connection.php - line 180: OCA\User_LDAP\Connection->init()
/var/www/nextcloud/apps/user_ldap/lib/Access.php - line 1005: OCA\User_LDAP\Connection->getConnectionResource()
/var/www/nextcloud/apps/user_ldap/lib/Access.php - line 1166: OCA\User_LDAP\Access->executeSearch(‘(&(&(|(objectcl…’, Array, Array, NULL, NULL)
/var/www/nextcloud/apps/user_ldap/lib/Access.php - line 890: OCA\User_LDAP\Access->search(‘(&(&(|(objectcl…’, Array, Array, NULL, NULL)
/var/www/nextcloud/apps/user_ldap/lib/Access.php - line 806: OCA\User_LDAP\Access->searchUsers(‘(&(&(|(objectcl…’, Array, NULL, NULL)
/var/www/nextcloud/apps/user_ldap/lib/Access.php - line 780: OCA\User_LDAP\Access->fetchListOfUsers(‘(&(&(|(objectcl…’, Array)
/var/www/nextcloud/apps/user_ldap/lib/User_LDAP.php - line 136: OCA\User_LDAP\Access->fetchUsersByLoginName(‘SAMACCOUNTNAME…’, Array)
/var/www/nextcloud/apps/user_ldap/lib/User_LDAP.php - line 153: OCA\User_LDAP\User_LDAP->getLDAPUserByLoginName(‘SAMACCOUNTNAME…’)
[internal function] OCA\User_LDAP\User_LDAP->checkPassword(*** sensitive parameters replaced ***)
/var/www/nextcloud/apps/user_ldap/lib/User_Proxy.php - line 71: call_user_func_array(Array, Array)
/var/www/nextcloud/apps/user_ldap/lib/Proxy.php - line 150: OCA\User_LDAP\User_Proxy->walkBackends(‘SAMACCOUNTNAME…’, ‘checkPassword’, Array)
/var/www/nextcloud/apps/user_ldap/lib/User_Proxy.php - line 186: OCA\User_LDAP\Proxy->handleRequest(‘SAMACCOUNTNAME…’, ‘checkPassword’, Array)
/var/www/nextcloud/lib/private/User/Manager.php - line 216: OCA\User_LDAP\User_Proxy->checkPassword(*** sensitive parameters replaced ***)
/var/www/nextcloud/core/Controller/LoginController.php - line 231: OC\User\Manager->checkPasswordNoLogging(*** sensitive parameters replaced ***)
[internal function] OC\Core\Controller\LoginController->tryLogin(*** sensitive parameters replaced ***)
/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 160: call_user_func_array(Array, Array)
/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 90: OC\AppFramework\Http\Dispatcher->executeController(Object(OC\Core\Controller\LoginController), ‘tryLogin’)
/var/www/nextcloud/lib/private/AppFramework/App.php - line 114: OC\AppFramework\Http\Dispatcher->dispatch(Object(OC\Core\Controller\LoginController), ‘tryLogin’)
/var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47: OC\AppFramework\App main(‘OC\Core\Control…’, ‘tryLogin’, Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
[internal function] OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
/var/www/nextcloud/lib/private/Route/Router.php - line 299: call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
/var/www/nextcloud/lib/base.php - line 1004: OC\Route\Router->match(‘/login’)
/var/www/nextcloud/index.php - line 48: OC handleRequest()
{main}

The DC is definitely online and accessible from the Nextcloud server. The account being used has the correct password and has full read access on the domain (but not any write access).

What are the minimum permissions required for the service account?

Any ideas as to what the problem may be?

Nextcloud version (eg, 10.0.2): 12.0.3
Operating system and version (eg, Ubuntu 16.04): 16.04.3
Apache or nginx version (eg, Apache 2.4.25): 2

Thanks for your help.