Troubleshooting LDAP connectivity issues on ONTAP & Active Directory sucks. This advisory is about as much help as I found online. What finally helped me out was a typo.

Everything on the NetApp looked fine. It said it could connect to AD and said it found what it needed to find:

engnas01::*> ldap client show -client-config asic_tools -vserver asic_tools -instance
...

engnas01::*> vserver services name-service ldap check -vserver asic_tools

                  Vserver: asic_tools
Client Configuration Name: asic_tools
              LDAP Status: up
      LDAP Status Details: Successfully connected to LDAP server "10.0.0.12".
   LDAP DN Status Details: All the configured DNs are available.

However, it never could find the entries, and there were no clues on the client or the server as to why the disconnect.

engnas01::*> getxxbyyy getpwbyname -node node01_engnas01 -vserver asic_tools_nas -show-source true -username myusername
  (vserver services name-service getxxbyyy getpwbyname)

Error: command failed: Failed to resolve myusername. Reason: Entry not found for "username: myusername".



engnas01::*> diag secd authentication show-creds -node node01_engnas01 -vserver asic_tools_nas -list-name true -list-id true -unix-user-name myusername

Vserver: asic_tools_nas (internal ID: 11)

Error: Acquire UNIX credentials procedure failed
  [  8 ms] Successfully connected to ip 10.0.0.12, port 88 using TCP
  [   211] Successfully connected to ip 10.0.0.13, port 389 using TCP
**[   316] FAILURE: User 'myusername' not found in UNIX authorization
**         source LDAP. 
  [   316] Entry for user-name: myusername not found in the current
           source: LDAP. Ignoring and trying next available source
  [   317] Entry for user-name: myusername not found in the current
           source: FILES. Entry for user-name: myusername not found in
           any of the available sources
  [   318] Unable to retrieve UID for UNIX user myusername

Error: command failed: Failed to resolve user name to a UNIX ID. Reason: "SecD Error: object not found". 

Out of frustration I typed that last command like so, and it gave me the info I needed to figure out (along with ldapsearch from the command line) where the failure was.

engnas01::*> diag secd authentication show-creds -node node01_engnas01 -vserver asic_tools_nas -list-name true -list-id true -unix-user-name myuserna\me             

Vserver: asic_tools_nas (internal ID: 11)

Error: Acquire UNIX credentials procedure failed
  [ 10 ms] Successfully connected to ip 10.0.0.12, port 389 using TCP
  [   115] LDAP search for the "uid, uidNumber, gidNumber,
           userPassword, gecos, homeDirectory, loginShell"
           attribute(s) within base "DC=example,DC=com"
           (scope: 2) using filter
           "(&(objectClass=posixAccount)(uid=myuserna\me))" failed
           with error: Bad search 
  [   115]   Additional info: 
  [   116] Source: LDAP unavailable. Ignoring and trying next
           available source for user-name: myuserna\me
  [   116] Entry for user-name: myuserna\me not found in the current
           source: FILES. Entry for user-name: myuserna\me not found
           in any of the available sources
**[   116] FAILURE: Unable to retrieve UID for UNIX user myuserna\me

Error: command failed: Failed to resolve user name to a UNIX ID. Reason: "SecD Error: libc returned a transient error.  Please look at the journal for detail". 

engnas01::*> 

It seems there should have been an easier way of figuring this information out. I'm glad I stumbled across this though.
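
The trace from the mistyped command exposes the exact base, scope, attribute list and filter the lookup uses. RFC 4515 requires a backslash in a filter to be followed by two hex digits, so `\me` is an invalid escape, which is consistent with the "Bad search" error. The following is an added example, not part of the original post or of ONTAP: it parses those wrapped trace lines and builds the equivalent OpenLDAP ldapsearch command for a correctly spelled user name, so the same search can be run directly against the directory. The function names and the bind DN placeholder are assumptions.

```python
import re
import shlex

# Constructed sample: the LDAP search lines from the trace above, still wrapped by the CLI.
TRACE = r'''
  [ 10 ms] Successfully connected to ip 10.0.0.12, port 389 using TCP
  [   115] LDAP search for the "uid, uidNumber, gidNumber,
           userPassword, gecos, homeDirectory, loginShell"
           attribute(s) within base "DC=example,DC=com"
           (scope: 2) using filter
           "(&(objectClass=posixAccount)(uid=myuserna\me))" failed
           with error: Bad search
'''

SEARCH_RE = re.compile(
    r'LDAP search for the "(?P<attrs>[^"]*)" attribute\(s\) within base '
    r'"(?P<base>[^"]*)" \(scope: (?P<scope>\d)\) using filter "(?P<filter>[^"]*)"')
SCOPES = {"0": "base", "1": "one", "2": "sub"}  # LDAP scope numbers -> ldapsearch -s names


def parse_search(trace):
    """Un-wrap the trace and return the search parameters secd reported, or None."""
    m = SEARCH_RE.search(" ".join(trace.split()))
    if not m:
        return None
    return {"attrs": [a.strip() for a in m["attrs"].split(",")], "base": m["base"],
            "scope": SCOPES[m["scope"]], "filter": m["filter"]}


def bad_escapes(ldap_filter):
    """RFC 4515: a backslash in a filter must be followed by two hex digits."""
    return re.findall(r"\\(?![0-9A-Fa-f]{2}).{0,2}", ldap_filter)


def escape_value(value):
    """Escape the RFC 4515 special characters so a name is matched literally."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)


def ldapsearch_cmd(search, username, uri, bind_dn):
    """Build the equivalent OpenLDAP ldapsearch call for a given user name."""
    flt = re.sub(r"\(uid=[^)]*\)", lambda _: f"(uid={escape_value(username)})",
                 search["filter"])
    argv = ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W", "-b", search["base"],
            "-s", search["scope"], flt, *search["attrs"]]
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    s = parse_search(TRACE)
    print("invalid escapes in traced filter:", bad_escapes(s["filter"]))
    print(ldapsearch_cmd(s, "myusername", "ldap://10.0.0.12", "BIND_DN_PLACEHOLDER"))
```

If the generated ldapsearch returns nothing for a user that exists in AD, compare the entry's actual attributes with the objectClass and uid terms in the traced filter.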