Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Middle Tier
When the primary authentication domain does not contain a replica of a user partition, and the ldap group object for that server is set to always refer, authentication using xtier fails for contextless login. For example, user fails to login butuser.users.ou.orgsucceeds.
Workaround: Set ldap group object for the domain server to chain always rather than refer. This is done with iManager/ldap options/ldap group/referrals settings.
StatusReported to Engineering
The rebind to the second server is using anonymous rather than the proxy user defined in the NetStorage setup.