eDirectory 8.7.3
NetWare 6.0 for file services, OES Linux for GroupWise and iPrint.
Client 4.91 on W2K & XP.

We are trying to set up contextless login. I have been going by Novell's
docs on the subject ("Novell Client 4.91 for Windows XP/2000 Installation
and Administration Guide"). I have attempted to set this up with an LDAP
proxy user as described on pages 79 - 83.

Every server in our tree has an associated LDAP group and LDAP server
object. LDAP appears to be working, although the telnet test (telnet
server's_IP_address 389 or 636) gives puzzling results. There is no
'greeting', but telnet quits from port 389 with a simple 'q' and prints a
line of high-order characters, and then another line ending with Telnet to port 636 ends gracefully by typing
'exit' twice or 'quit' once. On the NetWare servers, tcpcon shows the
server listening on both ports.

I created LDAP_Proxy_User, removing all password restrictions and
assigning no password, as per docs. At the root Organization I changed
eDirectory rights, removing everything from [All Attribute Rights] and
[Entry Rights] and adding Compare and Read to Title. I used iManager to
declare this as an LDAP proxy user to the LDAP server on the master
replica. I configured the client on the LDAP Contextless Login tab to
Enable LDAP Contextless Login and Enable LDAP Context Search Scope. I
added our tree and set the scope to be O=Mason (the bottom of our tree).

In short, I have done all that the docs require (I think; I am getting on
in years; a younger non-Novell guy here has gone through this as well, but
with no better results), but still, any attempt to login to any context
other than the root O results in 'LDAP Contextless Login: Bad server
configuration' when I tab from user to password.

I know this is possible, but I'm really stumped.