Comment 8 for bug 115967

Andreas Heinlein (aheinlein) wrote :

I can confirm this bug existed in karmic and still exists in lucid, and has gotten worse since /etc/sudo-ldap.conf is now a symbolic link to /etc/ldap/ldap.conf. Not knowing this, I tried to edit /etc/sudo-ldap.conf and change ldaps to ldap, accidentally turning off encryption for all NSS/PAM LDAP activity including passwords!

The page linked above is only partially relevant, since it deals with connection debugging with ldapsearch, which works just fine with ldaps in this case. I did the gnutls-client part and got the following:

Processed 1 CA certificate(s).
Resolving 'mail....de'...
Connecting to '172.16.6.1:636'...
- Certificate type: X.509
 - Got a certificate list of 1 certificates.
 - Certificate[0] info:
  - subject `C=DE,ST=NRW...,CN=mail....de,<email address hidden>', issuer `C=DE,ST=NRW,...,CN=....de,EMAIL=admin@...de', RSA key 2048 bits, signed using RSA-SHA, activated `2009-11-30 13:22:21 UTC', expires `2010-11-30 13:22:21 UTC', SHA-1 fingerprint `a4f903c0b1169e02172136933781cca3f5c9ca72'
- The hostname in the certificate matches 'mail....de'.
- Peer's certificate is trusted
- Version: TLS1.1
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

Looks like a perfect connection, I think.
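The pitfall described in this comment (editing what looks like the sudo-specific file but is really the shared NSS/PAM config, and downgrading ldaps:// to ldap://) can be caught before editing. The following is an added example, not code from the bug report or from the sudo-ldap package: a small POSIX sh audit that takes the two config paths as parameters, reports whether they resolve to the same file, and flags a plaintext ldap:// URI that is not paired with `ssl start_tls`.

```shell
#!/bin/sh
# Added example: audit an LDAP client config before editing it.
# Usage (paths are assumptions, adjust for your system):
#   audit_ldap_conf /etc/sudo-ldap.conf /etc/ldap/ldap.conf

# Print the file a path ultimately points to, following symlink chains
# (handles both absolute and relative link targets).
resolve_target() {
    _p="$1"
    while [ -L "$_p" ]; do
        _t=$(readlink "$_p")
        case "$_t" in
            /*) _p="$_t" ;;
            *)  _p="$(dirname "$_p")/$_t" ;;
        esac
    done
    printf '%s\n' "$_p"
}

# Succeed (0) if both paths are the same underlying file, i.e. editing
# one silently changes the other.
shares_file() {
    [ "$(resolve_target "$1")" = "$(resolve_target "$2")" ]
}

# Succeed (0) if the config has a cleartext ldap:// URI line and no
# 'ssl start_tls' directive to upgrade it. ldaps:// does not match.
has_plaintext_uri() {
    grep -iq '^[[:space:]]*uri[[:space:]].*ldap://' "$1" || return 1
    grep -iq '^[[:space:]]*ssl[[:space:]][[:space:]]*start_tls' "$1" && return 1
    return 0
}

# Run both checks; return non-zero if anything needs attention.
audit_ldap_conf() {
    _rc=0
    if shares_file "$1" "$2"; then
        echo "WARNING: $1 and $2 are the same file; edits affect NSS/PAM too"
        _rc=1
    fi
    if has_plaintext_uri "$1"; then
        echo "WARNING: $1 uses a plaintext ldap:// URI without start_tls"
        _rc=1
    fi
    return $_rc
}
```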