On 10/13/2023 7:45 AM, Marc wrote:
So, I switched from ldaps to ldap, and suddenly, the synchronization
worked.
Ok that is bad, because that means your SSHA is going over an unencrypted connection and afaik this SSHA can be (easily?) brute forced with something like John the Ripper (only tried one account of mine, so could be not as bad as I write)

Also:  an unencrypted connection is vulnerable to man-in-the-middle attacks.  A villain who is able to stage a man-in-the-middle attack could feed malicious data to your client - like, say, a user record with uid==0 and a password that the villain knows.
-- 
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
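
For readers of this thread, an added example (not code from any poster) of what an `{SSHA}` `userPassword` value contains, assuming the common layout base64(SHA1(password + salt) + salt). The function names and the sample password and salt are constructed for illustration; the point is that the salt travels with the digest and a check is a single SHA-1 call, which is why the value needs an encrypted transport.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha(value: str) -> tuple[bytes, bytes]:
    """Split an {SSHA} value into (digest, salt); reject malformed input."""
    if not value.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("value too short: no salt after the digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(value: str, password: bytes) -> bool:
    """Check a password: one SHA-1 over password + the salt stored in the value."""
    digest, salt = parse_ssha(value)
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample: password and salt are made up for this example.
    sample = make_ssha(b"correct horse", b"\x01\x02\x03\x04")
    digest, salt = parse_ssha(sample)
    print("value on the wire :", sample)
    print("digest (hex)      :", digest.hex())
    print("salt (hex)        :", salt.hex(), "(not secret, stored with the digest)")
    print("right password    :", verify_ssha(sample, b"correct horse"))
    print("wrong password    :", verify_ssha(sample, b"wrong guess"))
```
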