Hi,

I installed two servers with an OpenLDAP master/slave configuration on amd64 Debian Lenny. srv3 is on a Xen virtual machine and is the master (provider), and srv4 is not on a virtual machine and is the slave (consumer).
I start slapd with -h ldap://127.0.0.1/ ldaps:/// on both servers.
Debian is linked against GnuTLS, so I first tried the TLS encryption. It didn't work:
Could not access entry. Reason: {'desc': "Can't contact LDAP server"}
I changed the encryption to SSL, and it works!
Please do not consider this mail off-topic, because Luma works for me, but only Luma, and only with the SSL setting. I would like to ask for help, because I don't have any idea where to go next, and Luma is a starting point for me. I don't know what Luma does differently in those two cases. It might help me if I understood that.

ldapsearch partially works:
Works from srv3:
ldapsearch -H ldaps://srv3.mydomain.site:636 -W -x -D "cn=adm,dc=mydomain,dc=site" -b "dc=mydomain,dc=site" "(ObjectClass=*)"
ldapsearch -H ldaps://srv4.mydomain.site:636 -W -x -D "cn=adm,dc=mydomain,dc=site" -b "dc=mydomain,dc=site" "(ObjectClass=*)"
ldapsearch -H ldap://127.0.0.1:389 -x -W -D "cn=adm,dc=mydomain,dc=site" -b "dc=mydomain,dc=site" "(ObjectClass=*)"

Works from srv4:
ldapsearch -H ldaps://srv4.mydomain.site:636/ -W -x -D "cn=adm,dc=mydomain,dc=site" -b "dc=mydomain,dc=site" "(ObjectClass=*)"
ldapsearch -H ldap://127.0.0.1:389 -x -W -D "cn=adm,dc=mydomain,dc=site" -b "dc=mydomain,dc=site" "(ObjectClass=*)"

_Doesn't_work_from_srv4_:
ldapsearch -H ldaps://srv3.mydomain.site:636/ -W -x -D "cn=adm,dc=mydomain,dc=site" -b "dc=mydomain,dc=site" "(ObjectClass=*)"
Enter LDAP Password:  *(after I give the password, it waits 1-2 seconds)*
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

And syncrepl doesn't work either:

The syncrepl part of the slapd.conf on srv4:
syncrepl rid=123
                provider=ldaps://srv3.mydomain.site:636
                type=refreshOnly
                interval=00:00:15:00
                retry="60 120 1800 +"
                searchbase="dc=mydomain,dc=site"
                filter="(objectClass=*)"
                attrs="*"
                scope=sub
                schemachecking=off
                bindmethod=simple
                binddn="cn=adm,dc=mydomain,dc=site"
                credentials=password

Log from srv4:
Jul 16 14:14:32 srv4 nss_wins[3461]: slap_client_connect: URI=ldaps://srv3.mydomain.site:636 DN="cn=adm,dc=mydomain,dc=site" ldap_sasl_bind_s failed (-1)
Jul 16 14:14:32 srv4 nss_wins[3461]: do_syncrepl: rid=123 retrying (86 retries left)

Thanks,
Tamas.