your DN is wrong, you forgot ou=Users, it should be uid=ocadmin,ou=Users,dc=xxx,dc=yyy,dc=org
TLS is not needed when you contact the LDAP sevrice on the server itself: it just load CPU, and add complexity (certificate verification), just turn TLS off