I can confirm the DIT is present on the consumer and the values match the provider item by item, including the encrypted passwords.
The issue I am having is that a query that runs on the provider without any issue is failing to run on the consumer with error 49 (invalid credentials), but I do know for sure that the provided credentials are good. I even did a tcpdump and confirmed they are fine.
On the provider, a query similar to this one runs fine and returns a result:
ldapsearch -Z -LLL -H ldap://providert:389 -D "uid=user1,ou=employees,dc=metrocast,dc=net" -W -b "ou=employees,dc=metrocast,dc=net" "(mail=*pepe@breezeline.com)"
On the consumer, this same query returns error 49:
ldapsearch -Z -LLL -H ldap://providert:389 -D "uid=user1,ou=employees,dc=metrocast,dc=net" -W -b "ou=employees,dc=metrocast,dc=net" "(mail=*pepe@breezeline.com)"
I confirmed with ldapsearch -Y EXTERNAL -H ldapi:/// ..... that the information for user1 is exactly the same in the provider and the consumer for all the attributes, including the passwords. Tcpdump confirmed that I am sending the right password; doing -W or -w $password gives the same result. For any user I use to run the query, I get exactly the same error 49.
I did verify that ACLs are not blocking the query.
Is there anything else I should check? Any log level that could help me identify where the error is? Currently my loglevel is olcLogLevel: 128 256 1024
This is a dev environment, so I can make changes at will.
Thanks and happy new year
Ulises Gonzalez Horta
Lead Linux Engineer
C: 786 450 2970/ 240 727 6267
E: ugonzalezhorta@breezeline.com