Craig said:
[...]
I know about the "-x" option. But, once that happens, it looks like the
passwords are sent in clear text. (I did some packet traces and that's
what it looks like to me.)
That would only happen because an SSL or TLS connection is not being
established. See slapd.conf(5) and ldap.conf(5) for information on forcing
OpenLDAP to use SSL or TLS connections.
Using ldapsearch -d 7 -x -D <yourdn> -w <yourpassword> ... will show you if
a successful SSL handshake is taking place. If it is not, then there will be
no encryption.