I just installed FC7 on a new server and enabled LDAP authentication. It wasn't working and wasn't giving me any useful logs so I finally installed wireshark to sniff the line -- at least I could discover what was going over to the LDAP server.
What I found was that the seachfilter was '(&object class=posixAccount)(uid=xxx))'. We do not use the posixAccount object class, which means the search fails and consequently, the login fails. I changed the line in /etc/ldap.conf from "pam_filter objectclass=posixAccount" to "pam_filter objectclass=linfieldPerson" (a locally defined objectClass that includes the posixAccount attributes). Sniffed again and the searchfilter still included "objectclass=posixAccount". I even tried rebooting and checked again with the same results.
So where do I change it if changing the line in /etc/ldap.conf has no effect?