Thanks for the response.
I eventually figured out my problem. For anyone else running Windows, you may have to manually add an ldap.conf file at c:\openldap\sysconf\ldap.conf
Mine just contains the line “TLS_CACERT c:\path\to\certs\cacert.pem” and it works fine now.
Evidently, this openldap\sysconf path is hardcoded, so the file has to go there. See the discussion here (and elsewhere in the comments): https://www.php.net/manual/en/function.ldap-connect.php#36156
