Cannot ID LDAP User On LDAP Client

[Anton Chu <anton.chu@telecommand.com>]

I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server.  I've install the following:

sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds

Here's my /etc/nsswitch.conf:

>  passwd: files ldap [NOTFOUND=return] db
>  
>  group: files ldap [NOTFOUND=return] db
>  
>  shadow: files ldap
>
> hosts:          files dns
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files

I can nss_updatedb ldap succssfully:
# nss_updatedb ldap
passwd... done.
group... done.

I can getent passwd, getent passwd shadow, getent group just fine and they all show all my ldap users.

However, I cannot do an id ldapuser

ex:
$ id tony
id: tony: No such user

Here's my auth.log:
> Dec  1 21:08:17 webdev120 sshd[14765]: pam_unix(sshd:auth): check pass; user unknown

Here's my syslog:
> sshd[14648]: Libgcrypt warning: missing initialization - please fix the application

Here's my /etc/pam.d/commoun-auth:
> > auth    [success=4 default=ignore]      pam_unix.so nullok_secure
> > auth    [success=3 default=ignore]      pam_ldap.so use_first_pass
> > auth    [success=2 default=ignore]      pam_ccreds.so minimum_uid=1000 action="" use_first_pass
> > auth    [default=ignore]                pam_ccreds.so minimum_uid=1000 action=""># here's the fallback if no module succeeds
> > #auth   requisite                       pam_deny.so
> > # prime the stack with a positive return value if there isn't one already;
> > # this avoids us returning an error just because nothing sets a success code
> > # since the modules above will each just jump around
> > #auth   required                        pam_permit.so
> > # and here are more per-package modules (the "Additional" block)
> > auth    optional                        pam_ccreds.so minimum_uid=1000 action=""># end of pam-auth-update config

Here's my /etc/pam.d/common-account:
> # here are the per-package modules (the "Primary" block)
> account [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
> account [success=1 default=ignore]      pam_ldap.so
> # here's the fallback if no module succeeds
> account requisite                       pam_deny.so
> # prime the stack with a positive return value if there isn't one already;
> # this avoids us returning an error just because nothing sets a success code
> # since the modules above will each just jump around
> account required                        pam_permit.so
> # and here are more per-package modules (the "Additional" block)
> # end of pam-auth-update config

ID works just fine with my local users on my local machine so somehow it's not able to read the ldap users.  

Any insights appreciated.