Thank you for your fast reply.
Stig Venaas wrote:
I have already tried this on the LDAP-Server itself: ldapsearch -ZZ -d
127 "cn=*" - but it seems that only parts of the traffic are encrypted.
What you see in clear text is perhaps just the server certificate?
I don't think so, because I can read my LDAP-entries in cleartext in the
debug output. But there is no error message which shows that something
with TLS went wrong. *?*
You will always see that. As Kyle said, try tcpdump, tcpflow, snoop or
whatever (depending on your system) to see if data is transferred using tls
or not (try tcpflow -i lo -c).
I did nearly the same.
But I have (a quite stupid) question: What does the "FQDN" of the
server mean? My server-root (base) of the ldap directory is
"ou=abteilung,ou=institut,o=organisation,c=de" and my server "host04".
Is the FQDN in this case "host04.abteilung.institut,organisation,de"? I
only used "host04" as Common Name in the Certificate. Could this be my
mistake?