
password validation



I have two ldap servers:

1) on machine A, a tru64 platform with openldap-2.2.20
2) on machine B, a rhel4 platform with openldap-2.3.27

We are trying to migrate to the rhel4 machine with the more
recent ldap. The problem is that sometimes the validation
fails. Due to the number of failures of validation against
the rhel4 machine, we set up a program that:

a) checks the encrypted password against the tru64 password
   file (the source) and against both ldap servers. Understand,
   this is comparing the encrypted password to see if they are
   the same.
b) tries to validate against all three locations.

The strange thing is that in a high number of instances, the encrypted
password matches on all three locations, the password (via this
test program) validates against the password file and the tru64
ldap, but fails to validate with err=49 (invalid credentials) against
the rhel4 box. The best I can tell, it is random. Most work, but a
high percentage fail. We rebuild both ldaps each night. I was building
the tru64 one with ldapadd and the rhel4 with slapadd. I then switched
to 'slapadd -q'. Still had the problems, although they seemed a little
better, so last night I switched to ldapadd as in the rhel4 machine. I am
not seeing some that are following this same pattern, validate against the
password file and tru64 ldap, but fail against the rhel4 ldap.

One other note, both ldaps are built from the same ldif files. Any ideas?

Thanks for any help!
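
An added example, not part of the original post: a byte-exact version of the comparison in step (a), so that differences a visual check misses (base64-encoded values, scheme-prefix case, trailing whitespace) are reported. It assumes the directories hold the passwd-file hash as a {crypt} userPassword value and that each server's data is available as LDIF text; all names and sample data are constructed.

```python
import base64

def b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample data (not from the original post).
PASSWD = "alice:QkT1x9uVw3yZc:1001:15::/home/alice:/bin/sh\nbob:Zp0e4mN8rLs2A:1002:15::/home/bob:/bin/sh\n"
LDIF_A = ("dn: uid=alice,dc=example,dc=com\nuid: alice\nuserPassword: {crypt}QkT1x9uVw3yZc\n\n"
          "dn: uid=bob,dc=example,dc=com\nuid: bob\nuserPassword: {crypt}Zp0e4mN8rLs2A\n")
# Second export uses base64 ("::") values; bob's value carries a trailing space.
LDIF_B = ("dn: uid=alice,dc=example,dc=com\nuid: alice\nuserPassword:: " + b64("{CRYPT}QkT1x9uVw3yZc") + "\n\n"
          "dn: uid=bob,dc=example,dc=com\nuid: bob\nuserPassword:: " + b64("{crypt}Zp0e4mN8rLs2A ") + "\n")

def passwd_hashes(text):
    """uid -> hash bytes, taken from the second field of passwd-format lines."""
    rows = (line.split(":") for line in text.splitlines() if line.count(":") >= 2)
    return {r[0]: r[1].encode() for r in rows}

def ldif_hashes(text):
    """uid -> raw userPassword bytes; handles folded lines and '::' base64 values."""
    out = {}
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for entry in unfolded.split("\n\n"):
        uid = pw = None
        for line in entry.splitlines():
            attr, sep, value = line.partition(":")
            if not sep:
                continue
            raw = base64.b64decode(value[1:].strip()) if value.startswith(":") else value.lstrip(" ").encode()
            if attr.lower() == "uid":
                uid = raw.decode()
            elif attr.lower() == "userpassword":
                pw = raw
        if uid and pw is not None:
            out[uid] = pw
    return out

def strip_scheme(raw):
    """Drop a leading {crypt} prefix; scheme names are case-insensitive."""
    return raw[7:] if raw[:7].lower() == b"{crypt}" else raw

def compare(passwd, ldif_a, ldif_b):
    """uid -> list of byte-level discrepancies against the passwd hash."""
    stores = (("A", ldif_hashes(ldif_a)), ("B", ldif_hashes(ldif_b)))
    report = {}
    for user, ref in passwd_hashes(passwd).items():
        report[user] = probs = []
        for name, store in stores:
            got = strip_scheme(store[user]) if user in store else None
            if got != ref:
                kind = "missing" if got is None else "whitespace-only" if got.strip() == ref else "different"
                probs.append(f"{name}: {kind} {store.get(user)!r}")
    return report
```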