Thanks for your reply.
389-users-bounces(a)lists.fedoraproject.org wrote on 19.05.2010 13:32:36:
Is the ldap server configured for sasl?
it would seem that the osx
client tries with sasl and only sasl when that does not work it unbinds
and does not try simple bind, it may see that the ldap server is showing
sasl as a available authentication method but it is not really
available, can you exec login into it?
This is what I try to figure out right now.
I am just searching where
to switch of some SASL methods (or SASL at all) in 389ds. Do you know
where this can be done. Haven't found anything yet (beside of the
switches). I am searching something which does not require a recompile.
also did you reboot the mac box
after configuring the ldap login?
Sure. But it was reproducable without reboot. If
my password was
stored cleartext I could log in. If I changed it back to SSHA or MD5
login was no longer possible.