I am preparing NW 6.5 SP6 servers for migration to OES 2 SP1 targets. I have LDAP issues on two of the six servers. All have eDirectory

Of the two servers in question, one will work fine with cleartext LDAP connections on port 389, but will not complete connection requests to SSL port 636.

I completed all of the troubleshooting in the following TIDs:
10090732: Troubleshooting iManager 2.0.2 and greater on NetWare 6.5
10066259: How to test LDAP over SSL

In both cases, the SSL (Server Certificates), LDAP configuration/trace, Tomcat, and Apache checks in TID #10090732 pass. I have not been able to find a conclusive problem.

With dstrace -ALL +LDAP screen ON, there are no trace results for any LDAP connections on that first server. It never times out either.

The same test on the second server produces a trace for a connection/query on port 389, but nothing on 636 until it times out after ~3 min. I see DoUnbind referenced to my workstation IP.

So, it looks like the connection is detected by the service, but does not produce any work.

Since these will be source servers for ID Migration, it is critical that LDAP be 100%. The NetWare to OES2 - CoolSolutionsWiki doc suggests:

When you have authentication problems with LDAP or when you are in doubt over your LDAP configuration on the source server, best is to recreate your LDAP configuration. This can be easily done by deleting the LDAP group and server objects for the source server and by recreating them. Having a healthy LDAP configuration is especially important for a server ID swap migration because after the migration, the destination server will inherit the LDAP configuration of the source server, and without a fully working LDAP configuration, the repair operations at the end of the ID swap procedure itself may already not be able to fully perform their task.

If anyone could point me to additional TIDs or resources for doing the above or otherwise resolving these issues, I would be most grateful.
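
A probe for the symptom described in the post above (port 389 answers, port 636 accepts the connection but produces no work), as an added example that is not part of the original post. It reports whether the failure is at the TCP connect or in the TLS handshake. The function names, the 5-second timeout and the host argument are assumptions of this example.

```python
import socket
import ssl
import sys


def probe_tcp(host, port, timeout=5.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return True
    except OSError:
        return False


def probe_ldaps(host, port=636, timeout=5.0):
    """Return (stage, detail); stage is tcp_failed, tls_timeout, tls_failed or tls_ok."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))
    # Diagnostic only: verification is off so an untrusted or expired server
    # certificate is still reported instead of aborting the probe.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            der = tls.getpeercert(binary_form=True)
            return ("tls_ok", f"{tls.version()}, {tls.cipher()[0]}, {len(der)}-byte certificate")
    except socket.timeout:
        # TCP was accepted but no handshake reply arrived: the listener is up,
        # the TLS layer behind it is not answering.
        return ("tls_timeout", f"no handshake reply within {timeout}s")
    except OSError as exc:
        # Includes ssl.SSLError, e.g. a protocol version the local OpenSSL rejects.
        return ("tls_failed", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    target = sys.argv[1]  # server name or IP, supplied by the operator
    print("389 tcp:", probe_tcp(target, 389))
    print("636 tls:", probe_ldaps(target, 636))
```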