Missing users in Workgroup Manager

This has always been an issue but I've never really taken the time to look into it thoroughly. I have a small OD setup with 2 servers (server01 & server02 both running OSX Server 10.3.9); 1 OD master and 1 OD replica. Whenever I add a new user account, that user is not able to log into either server via AFP. The message on the client is "An Appleshare system error occurred". The error at the server is -5023. If I restart the servers, logging in is possible from then on. I don't add users often so it's rather an annoyance than a major issue but I'd like to finanly reslove it if possible. After playing around with it today I've noticed some things. If I launch WGM on server01 for example, and authenticate as an OD admin account, all of the users that I've ever added show up in the user list. The viewing directory is set to /LDAPv3/127.0.0.1 btw. If I choose not to authenticate and instead view the directory as read only, the users that have been added since last restart do not show up. Those same users are not able to mount any AFP shares. They receive the error noted above. Viewing the list of users from the command line using dscl produces the same results. If I authenticate, all users are listed, if I don't authenticate, some users are not listed. I've read through the documentation but don't see anything that would explain this behavior. Any thoughts? Am i missing something basic here? Chris