We are upgrading our servers to RedHat 5.1, and in the process trying
to migrate to openLDAP 2.3.27 (the latest version that RH provides).
Note that RH's OpenLDAP version is primarily built (and tested) to
provide LDAP libraries. They care less about the server - they
even link it with Berkeley DB version 4.3, which OpenLDAP configure
normally refuses to use because it doesn't work well with OpenLDAP.
So, you are better off building OpenLDAP and Berkeley DB yourself, or
you can get a prebuilt bundle elsewhere. Symas offers prebuilts
(www.symas.com), and I think Buchan Milne keeps RPMs somewhere but
I the URL I found doesn't answer now:
In fact, if a Thunderbird user tries to do a directory search as
before, openLDAP fails. When it fails, it does not write anything to
the log explaining why.
You didn't say which loglevel.
but when you log anything at all, always include at least loglevel
"stats" (256). That logs the requests and the responses - with error
codes (check against RFC 4511 Appendix A) and any supplementary
diagnostic message and matchedDN sent to the client. That's the default
loglevel, and also helps put the info from other levels in context.