TLS slurpd fails

[Rick Blocker <rblocker@uchicago.edu>]

Hello,

I wonder if someone can help me. I'm having problems with secure
replication using TLS. slapd on the slave host will not accept
connections from slurpd using TLS even though an ldapsearch from the
same host using TLS is accepted.  The logs on the slave host show a
seemingly generic error:

        slapd[8896]: daemon: activity on 1 descriptors
        slapd[8896]: daemon: new connection on 9
        slapd[8896]: daemon: conn=27 fd=9 connection from
IP=xxx.xxx.xxx.xxx:3278 (IP=0.0.0.0:31746) accepted.
        slapd[8896]: daemon: added 9r
        slapd[8896]: daemon: activity on:
        slapd[8896]:
        slapd[8896]: daemon: select: listen=6 active_threads=0 tvp=NULL
        slapd[8896]: daemon: activity on 1 descriptors
        slapd[8896]: daemon: activity on:
        slapd[8896]:  9r
        slapd[8896]:
        slapd[8896]: daemon: read activity on 9
        slapd[8896]: connection_get(9)
        slapd[8896]: connection_get(9): got connid=27
        slapd[8896]: connection_read(9): checking for input on id=27
        slapd[8896]: connection_read(9): TLS accept error error=-1
id=27,
closing
        slapd[8896]: connection_closing: readying conn=27 sd=9 for close
        slapd[8896]: connection_close: conn=27 sd=9
        slapd[8896]: daemon: removing 9
        slapd[8896]: conn=-1 fd=9 closed
        slapd[8896]: daemon: select: listen=6 active_threads=0 tvp=NULL
        slapd[8896]: daemon: activity on 1 descriptors
        slapd[8896]: daemon: select: listen=6 active_threads=0 tvp=NULL


My slapd.config file on the master host:

        replica host=slavehost.something.org:636 tls=yes
                binddn="cn=admin,o=myorg,c=us"
                bindmethod=simple
credentials={crypt}$1$gnKfjngh$iyxgvr77jgh6OsKlO63jfh


Does anyone have any ideas?

Best,

Rick