having is that 2 users doesn't get authenticated. When I do a getent passwd for these users it is as if they doesn't exist but a "ldapsearch -x" shows them.
Sounds as though an attribute type is missing from the users' entries; are they of objectClass `posixAccount' ? Maybe show us the LDIF of one of the "bad" entries?
-JP