I am running OpenLDAP 2.3.39 on a RedHat server. I am encountering a user ssh login failure on an LDAP client if I use the URI based way to specify the LDAP servers in the client's /etc/ldap.conf and /etc/openldap/ldap.conf files. I don't have such a problem if I use the host based way. A snip of the configurations and the ldap.log on the ldapm is the following: /etc/ldap.conf: uri ldap://ldapm.mydomain.com ldap://ldapsl.mydomain.com /etc/openldap/ldap.conf: URI ldap://ldapm.mydomain.com ldap://ldapsl..mydomain.com May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: cn=admin,dc=mydomain,dc=com May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: * May 16 14:16:33 ldapm slapd[27604]: <= acl_mask: [4] applying read(=rscxd) (stop) May 16 14:16:33 ldapm slapd[27604]: <= acl_mask: [4] mask: read(=rscxd) May 16 14:16:33 ldapm slapd[27604]: => access_allowed: read access granted by read(=rscxd) May 16 14:16:33 ldapm slapd[27604]: => access_allowed: read access to "uid=luke_l,ou=People,dc=mydomain,dc=com" "uid" requested May 16 14:16:33 ldapm slapd[27604]: => acl_get: [2] attr uid May 16 14:16:33 ldapm slapd[27604]: access_allowed: no res from state (uid) May 16 14:16:33 ldapm slapd[27604]: => acl_mask: access to entry "uid=luke_l,ou=People,dc=mydomain,dc=com", attr "uid" requested May 16 14:16:33 ldapm slapd[27604]: => acl_mask: to value by "", (=0) May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: self May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: cn=admin,dc=mydomain,dc=com May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: * May 16 14:16:33 ldapm slapd[27604]: <= acl_mask: [4] applying read(=rscxd) (stop) May 16 14:16:33 ldapm slapd[27604]: <= acl_mask: [4] mask: read(=rscxd) May 16 14:16:33 ldapm slapd[27604]: => access_allowed: read access granted by read(=rscxd) May 16 14:16:33 ldapm slapd[27604]: => access_allowed: read access to "uid=luke_l,ou=People,dc=mydomain,dc=com" "userPassword" requested May 16 14:16:33 ldapm slapd[27604]: => acl_get: [1] attr userPassword May 16 14:16:33 ldapm slapd[27604]: access_allowed: no res from state (userPassword) May 16 14:16:33 ldapm slapd[27604]: => acl_mask: access to entry "uid=luke_l,ou=People,dc=mydomain,dc=com", attr "userPassword" requested May 16 14:16:33 ldapm slapd[27604]: => acl_mask: to value by "", (=0) May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: self May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: anonymous May 16 14:16:33 ldapm slapd[27604]: <= acl_mask: [2] applying auth(=xd) (stop) May 16 14:16:33 ldapm slapd[27604]: <= acl_mask: [2] mask: auth(=xd) May 16 14:16:33 ldapm slapd[27604]: => access_allowed: read access denied by auth(=xd) May 16 14:16:33 ldapm slapd[27604]: send_search_entry: conn 35 access to attribute userPassword, value #0 not allowed May 16 14:16:33 ldapm slapd[27604]: => access_allowed: read access to "uid=luke_l,ou=People,dc=mydomain,dc=com" "shadowLastChange" requested May 16 14:16:33 ldapm slapd[27604]: => acl_get: [2] attr shadowLastChange May 16 14:16:33 ldapm slapd[27604]: access_allowed: no res from state (shadowLastChange) May 16 14:16:33 ldapm slapd[27604]: => acl_mask: access to entry "uid=luke_l,ou=People,dc=mydomain,dc=com", attr "shadowLastChange" requested May 16 14:16:33 ldapm slapd[27604]: => acl_mask: to value by "", (=0) May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: self May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: cn=admin,dc=mydomain,dc=com May 16 14:16:33 ldapm slapd[27604]: <= check a_dn_pat: * May 16 14:16:33 ldapm slapd[27604]: <= acl_mask: [4] applying read(=rscxd) (stop) May 16 14:16:33 ldapm slapd[27604]: <= acl_mask: [4] mask: read(=rscxd) May 16 14:16:33 ldapm slapd[27604]: => access_allowed: read access granted by read(=rscxd) Can anyone please help resolve the above problem? Thanks a lot! Luke