Thank you very much for your help. I managed to solve the issue, at least sort of…
First of all, the solution:
Using “CN=” instead of “UID=” was part of the issue; the other part was that the user type “Einfaches Authentifizierungskonto” did not work for the AD connection.
I had to add a real user who is part of the “Schema Admins” group. With that user, authentication works now.
This leads to a new question:
Is there a way to give only “schema read” permissions for a regular user?
The expected outcome would be that this user could read the LDAP schema but not change it.