Directory username' you need to specify admin@domain 

I dont get what you specify here 

There is log from diag-cli:

debug ldap enabled at level 255
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5

[-2147483497] Session Start
[-2147483497] New request Session, context 0x0000153f38410478, reqType = Authentication
[-2147483497] Fiber started
[-2147483497] Creating LDAP context with uri=ldap://192.168.152.128:389
[-2147483497] Connect to LDAP server: ldap://192.168.152.128:389, status = Failed
[-2147483497] Unable to read rootDSE. Can't contact LDAP server.
[-2147483497] Fiber exit Tx=0 bytes Rx=0 bytes, status=-3
[-2147483497] Session End
ldap_client_server_delete: Remove server 192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5

Here is debug log:

debug ldap enabled at level 250
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5
ldap_client_server_add: Add server:192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5

[-2147483492] Session Start
[-2147483492] New request Session, context 0x0000153f38410478, reqType = Authentication
[-2147483492] Fiber started
[-2147483492] Creating LDAP context with uri=ldap://192.168.152.128:389
[-2147483492] Connect to LDAP server: ldap://192.168.152.128:389, status = Failed
[-2147483492] Unable to read rootDSE. Can't contact LDAP server.
[-2147483492] Fiber exit Tx=0 bytes Rx=0 bytes, status=-3
[-2147483492] Session End
ldap_client_server_delete: Remove server 192.168.152.128, group=5
ldap_client_server_unlock: Free server:192.168.152.128, group=5

I do still believe there is some connectivity issues between the firewall management interface and the LDAP server. When you tried to ping the LDAP server from the firewall clish mode, did you add the "system" keyword? if not, the firewall won't be sending the packets from the management interface and it will send them in that case from the data interface that can reach the LDAP server.