Comment 13 for bug 1576799

Andreas Hasenack (ahasenack) wrote:

> ldapsearch -x -Z -h I.P -p 389 -D cn=administrator,cn=users,dc=techmint,dc=lan -w XXXXXXXX -b 'dc=techmint,dc=lan'

Please use -ZZ. And did you use the IP for -h? Why not the hostname, which I think (from a previous comment you made) is win.cifs.com?

> I am able to confirm with tcpdump that communication is in encrypted mode.

That doesn't mean it's secure. If your client is told to accept any certificate from the server, it would still be vulnerable to MITM attacks.

You need to change this setting back to "hard" in your /etc/ldap/ldap.conf:

TLS_REQCERT hard

and then repeat the ldapsearch command with -ZZ. And use the certificate's commonName value for your ldapsearch "-h" parameter, or one of the certificate's subjectAltName fields that are prefixed with DNS.
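As an added illustration of the two points made in this comment (this is example code, not part of the bug report or of OpenLDAP), the block below does two things: it maps the TLS_REQCERT values from /etc/ldap/ldap.conf onto the equivalent Python ssl verification settings, so the difference between "allow" (encrypted but any certificate accepted) and "hard" (certificate required and validated) is visible, and it checks a hostname against a certificate's commonName and subjectAltName DNS entries the way the advice about the -h parameter requires. The certificate dictionary is constructed for the example in the layout returned by ssl.SSLSocket.getpeercert(); the names in it are borrowed from the domains mentioned in this bug, and the TLS_REQCERT-to-ssl mapping is an assumed approximation of libldap's behaviour, not its code.

```python
import ssl
from ipaddress import ip_address

# Constructed sample certificate, in the dict layout ssl.SSLSocket.getpeercert() returns.
# The names are taken from the domains discussed in this bug; the SAN list is assumed.
SAMPLE_CERT = {
    "subject": ((("commonName", "win.cifs.com"),),),
    "subjectAltName": (("DNS", "win.cifs.com"), ("DNS", "*.techmint.lan")),
}

# Constructed certificate with no SAN at all, to exercise the commonName fallback.
CN_ONLY_CERT = {
    "subject": ((("commonName", "ldap.example.test"),),),
}


def _dns_match(pattern, hostname):
    """Case-insensitive DNS name match allowing one leftmost wildcard label."""
    p = pattern.lower().rstrip(".")
    h = hostname.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    # "*.techmint.lan" matches exactly one extra label, not "a.b.techmint.lan"
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_matches_host(cert, host):
    """Return True if `host` names the certificate.

    An IP literal is only accepted if the certificate carries a matching
    'IP Address' SAN, which is why using the server's IP for -h fails against
    a certificate that only names the host by DNS name. DNS names are checked
    against the SAN DNS entries; commonName is consulted only when the
    certificate has no SAN entries at all.
    """
    try:
        ip = ip_address(host)
    except ValueError:
        ip = None
    sans = cert.get("subjectAltName", ())
    if ip is not None:
        return any(typ == "IP Address" and ip_address(val) == ip for typ, val in sans)
    dns_sans = [val for typ, val in sans if typ == "DNS"]
    if dns_sans:
        return any(_dns_match(pattern, host) for pattern in dns_sans)
    for rdn in cert.get("subject", ()):
        for key, val in rdn:
            if key == "commonName" and _dns_match(val, host):
                return True
    return False


def context_for_reqcert(mode):
    """Build an ssl.SSLContext approximating a TLS_REQCERT setting (assumed mapping)."""
    ctx = ssl.create_default_context()  # starts as CERT_REQUIRED + check_hostname
    mode = mode.lower()
    if mode in ("never", "allow"):
        # Any certificate (or none) is accepted: traffic is encrypted in tcpdump,
        # but a man-in-the-middle presenting its own certificate is not detected.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    elif mode == "try":
        # Missing certificate tolerated, bad certificate rejected (roughly).
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_OPTIONAL
    elif mode in ("demand", "hard"):
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.check_hostname = True
    else:
        raise ValueError("unknown TLS_REQCERT value: %r" % mode)
    return ctx


def verifies_peer(mode):
    """True only when the setting both requires a certificate and checks its name."""
    ctx = context_for_reqcert(mode)
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


if __name__ == "__main__":
    for mode in ("allow", "hard"):
        print("TLS_REQCERT %-5s -> verifies peer: %s" % (mode, verifies_peer(mode)))
    for host in ("win.cifs.com", "dc1.techmint.lan", "192.0.2.10"):
        print("-h %-18s matches certificate: %s" % (host, cert_matches_host(SAMPLE_CERT, host)))
```

Running it shows why the tcpdump observation alone is not enough: with "allow" the context accepts any certificate, and with "hard" the connection only succeeds when the value passed to -h is one of the names the certificate actually carries.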