Wireshark doesn't dissect LDAP
I can see the Bind requests, but the LDAP packets just show:
SASL Buffer length: xxx SASL Buffer
Displaying the buffer shows the unencrypted contents and I can piece it together from the binary dump, but I have to do it for a lot of buffers, so I'm hoping the LDAP dissector could do it.
Is your traffic running on a non-standard LDAP port? Unencrypted LDAP traffic is dissected for me.
No, it uses the standard port 389. The only unusual thing is it's local link ::1 -> ::1. I'm trying to move the client to a different machine to see if that has any effect. Update: running on a different machine doesn't work, since then Windows uses DCE/RPC, which is encrypted. So I can try dissecting that as well. There are various Google search results for how to do that using e.g. ktpass, but so far no luck with that either.