the first warning comes from the ldap membership group checking code. As fas as I can see, that code is only called from the iscreator() method. And that call is only performed if the 'Creators' setting is non-empty. It looks like that setting contains a value that is not an actual existing group distinguished name (or group DNs, separated by semi-colons). That's why you get the warning: the LDAP server can't read (access) that particular LDAP object. So make sure all the configured creators groups are using the right distinguished names (or make sure the setting is completely empty).
The login process can continue regardless of this warning because being a creator (or not) doesn't prevent the user from login. The only difference lays in whether you also get the course creator role or not.
Regarding the second and third notice and warning, they come from the Active Directory password expiration checking code (so I guess you have password expiration checking enabled). Moodle is trying to read the 'maxPwdAge' attribute from Active Directory LDAP root, but it's not getting anything back from LDAP server (which is a bit unexpected). But the code tries to use the expected value anyway. That's why you get the warnings. Again, this does not prevent the user from login, as PHP treats an empty value as 0 (zero), and the AD expiration code interprets that as the AD domain being configured with to ignore password expiration.
I can think of two possible options for this problem to occur:
- The configured bind user doesn't have enough permissions to read maxPwdAge (regular users can read that attribute in a default AD setup in Windows 2003, 2008 and 2012, but your AD administrator might have applied more restrictive settings),
- Your Moodle site is using a Global Catalog as the LDAP server, where the maxPwdAge attribute is not available.