syspass LDAP with Univention UCS - can't get it working - LDAP broken

[i1box]

Discussed in #1917

^{Originally posted by i1box October 17, 2023}
I'd like to get LDAP auth working, but constantly getting "invalid dn syntax" error when hitting on the sync icon. Tried different possibilities, but no success.
The LDAP connection seems to work in general, just a kind of syntax problem.

Tried also the https://www.forumsys.com/2022/05/10/online-ldap-test-server/ with same error msg. LDAP seems to be broken generally.

Testserver config:

 <ldapAds>0</ldapAds>
  <ldapBase>cn=read-only-admin,dc=example,dc=com</ldapBase>
  <ldapBindPass>password</ldapBindPass>
  <ldapBindUser>read-only-admin</ldapBindUser>
  <ldapDefaultGroup>1</ldapDefaultGroup>
  <ldapDefaultProfile>1</ldapDefaultProfile>
  <ldapEnabled>0</ldapEnabled>
  <ldapGroup></ldapGroup>
  <ldapProxyUser></ldapProxyUser>
  <ldapServer>ldap://ldap.forumsys.com</ldapServer>
  <ldapTlsEnabled>0</ldapTlsEnabled>
  <ldapType>1</ldapType>
  <logEnabled>1</logEnabled>

Using syspass/syspass docker.

That's my config:
syspass Version:

3.2 (3211.22070201)                         Config: 3211.22070201                         App: 3211.22070201                         DB: 3211.22070201

Database | SERVER_VERSION : 5.5.5-10.2.44-MariaDB-1:10.2.44+maria~bionic

config.xml

<ldapAds>0</ldapAds>
 <ldapBase>cn=users,dc=i1box,dc=eu</ldapBase>
 <ldapBindPass>password</ldapBindPass>
 <ldapBindUser>syspass-ldap</ldapBindUser>
 <ldapDefaultGroup>1</ldapDefaultGroup>
 <ldapDefaultProfile>1</ldapDefaultProfile>
 <ldapEnabled>0</ldapEnabled>
 <ldapGroup>users</ldapGroup>
 <ldapProxyUser></ldapProxyUser>
 <ldapServer>ldap://192.168.1.249:7389</ldapServer>
 <ldapTlsEnabled>0</ldapTlsEnabled>
 <ldapType>1</ldapType>

this is a working simple search from the app container:
ldapsearch -d 5 -h "192.168.1.249" -p 7389 -b "cn=users,dc=i1box,dc=eu" -D "cn=syspass-ldap,dc=i1box,dc=eu" -w "password"

Can someone help? THX.