
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)



I use Fedora 4, Heimdal Kerberos, Cyrus-SASL 2.1.19, OpenSSL, OpenLDAP 2.3.11.
 
I want to use SSL with LDAP, but I got the following errors:
**********************************************************************
ldapsearch -H ldaps://localhost/ -b cn=BA,dc=demo,dc=mydomain,dc=org
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
 
I also tried the following (simple auth):

ldapsearch -H ldaps://localhost/ -b cn=BA,dc=demo,dc=mydomain,dc=org -x
ldap_bind: Can't contact LDAP server (-1)
**********************************************************************
 
The slapd is started using:
    /usr/local/libexec/slapd   -u root -f /usr/local/etc/openldap/slapd.conf -h "ldap:/// ldaps:///"
 
I tried to connect to ldap instead of ldaps and it worked, but I need to use TLS/SSL.
 
Here is nmap localhost:
***********************************************************************************************
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
88/tcp   open  kerberos-sec
111/tcp  open  rpcbind
389/tcp  open  ldap
543/tcp  open  klogin
631/tcp  open  ipp
636/tcp  open  ldapssl
749/tcp  open  kerberos-adm
750/tcp  open  kerberos
838/tcp  open  unknown
913/tcp  open  unknown
923/tcp  open  unknown
2049/tcp open  nfs
***********************************************************************************************
 
I added the following two directives to the slapd.conf:
TLSCertificateFile /0/CA/newcert.pem
TLSCertificateKeyFile /0/CA/newcert.pem

I added the following directives to the /etc/openldap/ldap.conf:
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/newcert.pem
TLS_REQCERT allow

I hope you can help!
Thanks for your time!

Amir Saad
Software Engineer
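
The following is an added example, not part of the original message: a small offline check of the TLS directives quoted above. It confirms that the files named by TLSCertificateFile and TLSCertificateKeyFile contain the PEM blocks slapd needs, and flags a client TLS_REQCERT level that lets a session proceed with a bad server certificate. The PEM contents and the helper names (parse, pem_labels, audit) are constructed for illustration; the post does not show what /0/CA/newcert.pem actually contains.

```python
import re

# Directives as quoted in the post.
SLAPD_CONF = "TLSCertificateFile /0/CA/newcert.pem\nTLSCertificateKeyFile /0/CA/newcert.pem\n"
LDAP_CONF = "TLS_CACERTDIR /etc/openldap/cacerts\nTLS_CACERT /etc/openldap/newcert.pem\nTLS_REQCERT allow\n"

# Constructed PEM skeletons (bodies are placeholders, not real key material).
CERT_ONLY = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
CERT_AND_KEY = CERT_ONLY + "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"


def parse(text):
    """Map lower-cased directive name -> value for 'Keyword value' lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf


def pem_labels(pem_text):
    """Block labels found in a PEM file, e.g. ['CERTIFICATE', 'RSA PRIVATE KEY']."""
    return re.findall(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text)


def audit(slapd_text, ldap_text, read_file):
    """Return findings; read_file(path) must return the file's text."""
    findings = []
    server, client = parse(slapd_text), parse(ldap_text)
    cert_path = server.get("tlscertificatefile")
    key_path = server.get("tlscertificatekeyfile")
    if not cert_path or not key_path:
        findings.append("slapd.conf: certificate or key directive missing")
    else:
        if "CERTIFICATE" not in pem_labels(read_file(cert_path)):
            findings.append(f"{cert_path}: no CERTIFICATE block")
        key_text = read_file(key_path)
        if not any(l.endswith("PRIVATE KEY") for l in pem_labels(key_text)):
            findings.append(f"{key_path}: no PRIVATE KEY block")
        elif "ENCRYPTED" in key_text:
            findings.append(f"{key_path}: key is passphrase-protected")
    reqcert = client.get("tls_reqcert", "demand").lower()
    if reqcert in ("never", "allow"):
        findings.append(f"ldap.conf: TLS_REQCERT {reqcert} accepts an invalid server certificate")
    return findings


if __name__ == "__main__":
    for sample in (CERT_ONLY, CERT_AND_KEY):
        print(audit(SLAPD_CONF, LDAP_CONF, lambda path: sample))
```

To run it against a live host, pass `lambda p: open(p).read()` as `read_file` along with the text of the real slapd.conf and ldap.conf.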