
Key: DIRSERVER-339
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Alex Karasulu
Reporter: Stefan Zoerner
Votes: 0
Watchers: 0
Directory ApacheDS

Simple bind fails for entries with certain partition suffix names

Created: 24/Oct/05 06:38 PM   Updated: 10/Feb/06 12:34 PM
Component/s: None
Affects Version/s: None
Fix Version/s: None

Time Tracking:
Not Specified

Resolution Date: 25/Oct/05 11:16 AM


Description
Some users (i.e. person entries with userPassword attribute) can't authenticate to the server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org. To give an example:

I used the default server.xml from
http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
to start the server and added the following entry:

dn: cn=Kate Bush,dc=apache,dc=org
cn: Kate Bush
objectclass: top
objectclass: person
sn: Bush
userPassword: Aerial

After that, the following works as expected:

$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org" "(sn=Bush)" cn
cn=Kate Bush,dc=apache,dc=org
cn=Kate Bush
$

and providing a wrong password leads to "invalid credentials".

But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
<property name="suffix"><value>dc=aPache,dc=org</value></property>
adjust other occurrences of dc=apache as well and import the person entry above with DN "cn=Kate Bush,dc=aPache,dc=org", the following happens:

$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org" "(sn=Bush)" cn
ldap_simple_bind: Invalid credentials
$

But this still works:

$ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org" "(sn=Bush)"
cn=Kate Bush,dc=aPache,dc=org
sn=Bush
cn=Kate Bush
objectclass=person
objectclass=top
userPassword=Aerial
$

I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence I found), and the defect disappears with "o=sevenseas".

I therefore assume that the authenticator used for simple binds has problems with the mixed characters in the suffixes.

Alex Karasulu added a comment - 25/Oct/05 11:16 AM
Committed fix changes on revision 328236 here:

http://svn.apache.org/viewcvs.cgi?rev=328236&view=rev

Looks like lookups were being made against a bare nexus without normalizing the principal's name. I started using the present operation's proxy object with bypasses where normalization was still allowed.

Added test case in MiscTest for Stefan's Kate Bush user.
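
The failure mode described in this issue, as an added example that is not part of the original comments and is not ApacheDS code: a simplified Python model in which partitions are registered under a normalized suffix and the bind path looks up the principal either verbatim or after normalization. The `Nexus` class, `normalize_dn`, `simple_bind` and `demo` are hypothetical names, and the routing logic is an assumption chosen to match the behaviour reported above.

```python
import hmac

# Simplified model (assumption), not ApacheDS code: the nexus routes a DN to a
# partition by suffix, and partitions are registered under normalized suffixes.

def normalize_dn(dn: str) -> str:
    """Lower-case and trim each RDN; treats every attribute as caseIgnoreMatch."""
    rdns = []
    for rdn in dn.split(","):          # no escaped commas in this sketch
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={' '.join(value.split()).lower()}")
    return ",".join(rdns)

class Nexus:
    def __init__(self):
        self.partitions = {}           # normalized suffix -> {normalized DN: entry}

    def add_partition(self, suffix: str):
        self.partitions[normalize_dn(suffix)] = {}

    def _route(self, dn: str):
        # Exact string match on the suffix: correct only for normalized input.
        for suffix, entries in self.partitions.items():
            if dn == suffix or dn.endswith("," + suffix):
                return entries
        return None

    def add_entry(self, dn: str, entry: dict):
        self._route(normalize_dn(dn))[normalize_dn(dn)] = entry

    def lookup(self, dn: str):
        entries = self._route(dn)
        return None if entries is None else entries.get(normalize_dn(dn))

def simple_bind(nexus, dn, password, normalize_principal):
    # normalize_principal=False models the bare lookup; True models the fix.
    principal = normalize_dn(dn) if normalize_principal else dn
    entry = nexus.lookup(principal)
    stored = "" if entry is None else entry.get("userPassword", "")
    ok = entry is not None and hmac.compare_digest(stored.encode(), password.encode())
    return "success" if ok else "invalid credentials"

def demo(suffix):
    """Return (result without normalization, result with normalization)."""
    nexus = Nexus()
    nexus.add_partition(suffix)
    dn = f"cn=Kate Bush,{suffix}"      # entry from the report above
    nexus.add_entry(dn, {"sn": "Bush", "userPassword": "Aerial"})
    return (simple_bind(nexus, dn, "Aerial", False),
            simple_bind(nexus, dn, "Aerial", True))
```

In this model, `demo("dc=aPache,dc=org")` and `demo("o=sevenSeas")` reject the correct password on the non-normalizing path only, while the all-lowercase suffixes succeed on both paths.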

Stefan Zoerner added a comment - 26/Oct/05 12:45 AM
I have rebuilt the server and retested the functionality with the problematic partition suffix names I encountered ("dc=aPache,dc=org" and "o=sevenSeas"). Bind ops from users within these partitions have worked as expected. Hence I close this one. Thanks Alex for fixing it!