Ldap authentication: switching ldapS on is like turnig ldap off

when I turn on ldaps xwiki behaves as if ldap is turned off completely. With ldap I can see traffic on tcpdump and have readings with strace. As soon as I set xwiki.authentication.ldap.ssl=1 there is no traffic to my ldap server or any readings of ldap authentication with strace of the tomcat process.

My organization does not allow ldap, only ldaps, so I can only test the basic connection and get an rejection from my ldap server.

I did follow the instructions https://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/UseCases/
and did a lot of testing with other people, but when there is like no trace that ldap is even on…

Any ideas? Thanks.

btw: the server xwiki runs on can connect do a ldapsearch and even gets valid data back.

XWiki 10.11.8, war Installation, tomcat 9.0.21, SUSE SLE15.1