I am trying to get the global forest data when running the command getend passwd. This command works getting only local information when the LDAP port is set to 389. When the port is set to 3268, the getent passwd retrieves only passwd information from the LOCAL Host.

Here is the /etc/ldap.conf --
base dc=orion,dc=ad
binddn cn=ldapuser,ou=-service accts,dc=orion,dc=ad
bindpw #!1orion1!#
#bindpw ldap_password
port 3268
scope sub

timelimit 120
bind_timelimit 120
idle_timelimit 3600

nss_base_passwd ou=-ORION Users,?sub
nss_base_shadow ou=-ORION Users,?sub
nss_base_group ou=-All Groups,?sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member

pam_login_attribute sAMAccountName
pam_filter objectclass=User
#pam_password ad
pam_password md5

ssl no

tls_cacertdir /etc/openldap/cacerts
pam_check_host_attr yes
pam_filter |(host=xbox1.orion.ad)(host=\*)


passwd: files ldap
shadow: files ldap
group: files ldap

hosts: files dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files ldap
netmasks: files ldap
networks: files ldap
protocols: files ldap
rpc: files ldap
services: files ldap

netgroup: files ldap

publickey: nisplus

automount: files ldap
aliases: files nisplus

Any hints or pointers in the right direction would be appreciated.

thank you