slapd is running in cloudservices2004-dev and cloudservices2005-dev, and is configured to sync information bidirectionally between the two servers.
Looking at the slapd logs (journalctl -u slapd) it looks like synchronization was broken from before I reimaged 2004 to bookworm (reimage happened on Sep 18):
Sep 07 13:13:33 cloudservices2005-dev slapd[2400376]: slap_client_connect: URI=ldap://cloudservices2004-dev.codfw.wmnet:389 Error, ldap_start_tls failed (-11)
Disabling TLS in /etc/ldap/slapd.conf (starttls=no) results in a different error that seems to indicate invalid credentials:
Sep 28 09:22:46 cloudservices2005-dev slapd[3980547]: slap_client_connect: URI=ldap://cloudservices2004-dev.codfw.wmnet:389 DN="cn=repluser,dc=wikimedia,dc=org" ldap_sasl_bind_s failed (49)