I know that I could set-up a slave server, but that would be not as
transparent s0 I'd prefer my idea of havingslapd -h
ldaps:// ldaps:/ each using a
different certificate.
 I did so: I put two ldap slave servers (server-server-new and server-old). On the server-old I put the old certificate on the server-new I put the new certificate.

The old applications I point to the server-old and the other applications I use the server-new.

Sincerely, jarbas