Sorry to follow up on my own post but I figured it out.

> Any clue what is wrong here? Is this a SASL uid mapping problem or is it because the user passwords are stored SSHA hashed? I
> already tried to change the stored password from SSHA to MD5, but it does not help; SASL auth fails with the same error
> message. Or is this a hash comparison problem?

It is indeed the hash problem.
When I switch my password storage to cleartext (BRR!), Mac OS X 10.4 can log in.
But this is nothing I want to have. Is it true that Apple's OpenDirectory Servers are also storing
their passwords in cleartext? Can someone with access to an OpenDirectory Server
verify this?

I don't want to store cleartext passwords...
Has anyone else got 389ds running with Mac OS X 10.4 clients and managed to use it without
cleartext passwords?