I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server.  I've install the following:

sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds

Here's my /etc/nsswitch.conf:

passwd: files ldap [NOTFOUND=return] db

group: files ldap [NOTFOUND=return] db

shadow: files ldap

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

I can nss_updatedb ldap succssfully:
# nss_updatedb ldap
passwd... done.
group... done.

I can getent passwd, getent passwd shadow, getent group just fine and they all show all my ldap users.

However, I cannot do an id ldapuser

ex:
$ id tony
id: tony: No such user

Here's my auth.log:
Dec 1 21:08:17 webdev120 sshd[14765]: pam_unix(sshd:auth): check pass; user unknown

Here's my syslog:
sshd[14648]: Libgcrypt warning: missing initialization - please fix the application

Here's my /etc/pam.d/commoun-auth:
auth [success=4 default=ignore] pam_unix.so nullok_secure
auth [success=3 default=ignore] pam_ldap.so use_first_pass
auth [success=2 default=ignore] pam_ccreds.so minimum_uid=1000 action=validate use_first_pass
auth [default=ignore] pam_ccreds.so minimum_uid=1000 action=update
# here's the fallback if no module succeeds
#auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
#auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_ccreds.so minimum_uid=1000 action=store
# end of pam-auth-update config

Here's my /etc/pam.d/common-account:
# here are the per-package modules (the "Primary" block)
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
# here's the fallback if no module succeeds
account requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

ID works just fine with my local users on my local machine so somehow it's not able to read the ldap users.

Any insights appreciated.