ssh-ldap-pubkey always timeouts

[cadavre]

I'm struggling to configure another instance using ssh-ldap-pubkey – I'm getting forever search (set by /etc/ldap.conf:timelimit) ldap.TIMEOUT.

I have this config:

binddn cn=provider,dc=example,dc=com
bindpw secretpass
base dc=example,dc=com
nss_base_passwd ou=users,dc=example,dc=com

The connection is estabilished to LDAP server (can see it via lsof -iTCP).

Users in my LDAP are having DN like:
uid=my.user,ou=users,dc=example,dc=com

Any ideas where timeout comes?

[cadavre]

In a matter of fact I noticed LDAP is not accepting any new connection when calling ssh-ldap-pubkey.

I have a ldap.example.com LDAP using 389 and 636 port with only-TLS connection. No STARTTLS.

I have all my LDAP-clients configured with:

host: ldap.example.com
port: 389
encryption: ssl

It works everywhere but /etc/ldap.conf...

[jirutka]

How does your uri look like? You should use ldaps://ldap.example.com for TLS without STARTTLS.

[cadavre]

With either:

uri ldap://ldap.example.com
uri ldaps://ldap.example.com
uri ldaps://ldap.example.com:636
uri ldap://ldap.example.com:636

I get immediate:

Error: Can't contact LDAP server.