OpenLDAP 2.1.x + NSS+SSL connecting to OpenLDAP 2.0.23 = broken?



Hello!

I am trying to figure out if this is a bug or a feature.

I've been using openldap authentication for about a year now and
everything works great. A couple weeks ago I installed SuSE 8.1 on
my sister's computer (upgrade from 8.0), and it cannot talk to my
openldap 2.0.23 server in SSL/TLS mode; it can communicate in
cleartext without any problems.

Running slapd in debug mode I see these messages when it tries to
connect in SSL/TLS:

TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
s3_pkt.c:964

I have Debian 3.0r1 (x86/sparc), Solaris 8 (sparc), Red Hat 7.3 (x86) all
authenticating via SSL/TLS on LDAP running the same configuration:

config for no-ssl:
host 10.10.10.7
base ou=People,o=aphroland,c=us
uri ldap://redhat.aphroland.org:3890/
ldap_version 3
binddn cn=nss,o=aphroland,c=us
bindpw MY_SUPER_SECRET_PASSWORD
port 3890
nss_base_passwd        ou=People,o=aphroland,c=us?one
nss_base_group                ou=Group,o=aphroland,c=us?one


config for ssl:
host 10.10.10.7
base ou=People,o=aphroland,c=us
uri ldaps://redhat.aphroland.org:6360/
ldap_version 3
binddn cn=nss,o=aphroland,c=us
bindpw MY_SUPER_SECRET_PASSWORD
port 6360
nss_base_passwd        ou=People,o=aphroland,c=us?one
nss_base_group                ou=Group,o=aphroland,c=us?one


My ldap server is openldap 2.0.23 on Red Hat 7.3. I also have
openldap 2.0.23 running on a Debian 3.0r1 machine.

I would expect them to be compatible. Bug? Feature?

The SuSE 8.1 system has these ldap packages installed:
openldap2-client-2.1.4-70
nss_ldap-199-31
pam_ldap-150-57

Any ideas? All LDAP clients are running the same config.

Thanks

nate
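The two slapd debug lines quoted in the post, decoded by an added Python example that is not part of the thread or of OpenLDAP: it unpacks the packed OpenSSL error code `14094418` into library, function and reason and maps the reason to the TLS alert the peer sent. Since slapd is the server here, the `unknown ca` alert came from the SuSE client, which could not verify the CA that issued the server certificate; the sample log text is constructed from the post.

```python
import re
# Constructed sample: the lines the post quotes from slapd's debug output.
SLAPD_LOG = """TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
s3_pkt.c:964
"""

# TLS alert descriptions (RFC 2246 section 7.2). OpenSSL records an alert it
# received from the peer as reason code 1000 + alert number, so any reason at
# or above that offset is an alert the *other* side generated.
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 90: "user_canceled",
}
ALERT_OFFSET = 1000  # SSL_AD_REASON_OFFSET in OpenSSL
ERR_LIB_SSL = 20     # OpenSSL library id of the SSL/TLS routines
# OpenSSL packs its error code as 8 bits library, 12 bits function, 12 bits reason.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")

def decode_openssl_error(line):
    """Unpack one 'error:LLFFFRRR:lib:func:reason' line; None if it is not one."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= ALERT_OFFSET:
        alert = TLS_ALERTS.get(reason - ALERT_OFFSET, "alert_%d" % (reason - ALERT_OFFSET))
    return {"lib": lib, "func": func, "reason": reason, "func_name": m.group(3),
            "reason_text": m.group(4).strip(), "alert": alert}

def explain(log_text):
    """One plain-language verdict per OpenSSL error line in a slapd debug log."""
    verdicts = []
    for line in log_text.splitlines():
        err = decode_openssl_error(line)
        if err is None:
            continue
        if err["alert"] == "unknown_ca":
            verdicts.append("peer rejected our certificate: its issuing CA is not in the peer's trust store")
        elif err["alert"]:
            verdicts.append("peer sent TLS alert %s" % err["alert"])
        else:
            verdicts.append("local TLS failure in %s: %s" % (err["func_name"], err["reason_text"]))
    return verdicts
```

For the quoted log the verdict is that the client's trust store lacks the server's CA, which is fixed on the client side by installing that CA certificate and pointing the LDAP client library at it, not by changing anything on the 2.0.23 server.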