Problem with chain overlay

["Klaus Nagel" <m_a_i_l@web.de>]

Hello, I have a little problem with the chain overlay and hope, someone
can help me. I have a master and a slave server (both debian lenny with
openldap 2.4.11) and a normal syncrepl replication between both, but I
can't get the chain working.

my slave slapd.conf entries:

moduleload              back_ldap
overlay                 chain
chain-uri               "ldap://10.8.0.1:389/";
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod=simple
                        binddn="cn=admin,dc=test,dc=de"
                        credentials=testpw
                        mode=self
chain-tls               start
chain-return-error      TRUE

if i try to delete an entry with ldapdelete on the slave server:
ldapdelete -xD "cn=admin,dc=test,dc=de" -w testpw 
cn=abc,ou=Verteiler,dc=test,dc=de

Log from slave server:
conn=1 fd=13 ACCEPT from IP=127.0.0.1:48451 (IP=0.0.0.0:389)
conn=1 op=0 BIND dn="cn=admin,dc=test,dc=de" method=128
conn=1 op=0 BIND dn="cn=admin,dc=test,dc=de" mech=SIMPLE ssf=0
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 DEL dn="cn=abc,ou=Verteiler,dc=test,dc=de"
conn=1 op=1 RESULT tag=107 err=8 text=
conn=1 op=2 UNBIND
conn=1 fd=13 closed

Log from master server:
conn=83 fd=15 ACCEPT from IP=10.8.0.2:44720 (IP=0.0.0.0:389)
conn=83 op=0 BIND dn="" method=128
conn=83 op=0 RESULT tag=97 err=0 text=
conn=83 op=1 DEL dn="cn=abc,ou=Verteiler,dc=test,dc=de"
conn=83 op=1 RESULT tag=107 err=8 text=modifications require authentication
conn=83 op=2 UNBIND
conn=83 fd=15 closed

...it seems to me, that the bind-dn will not be transmitted and I don't
see any start-tls entries.
...any hints for me?

best regards: Klaus