[Comm] Централизованная авторизация в ldap

[max]

АЛМ2.4.
работает связка openldap+postfix+courier-imap

А вот централизованная авторизация в ldap работать не хочет :(

# cat ldap.conf |grep ^# -v

base dc=zlt,dc=ru
uri ldap://127.0.0.1/
ldap_version 3


/etc/nsswitch.conf:

passwd: files ldap
shadow: tcb ldap
group: files ldap
...

$ id test
uid=1023(test) gid=1023(testgroup) группы=1023(testgroup)

$ su - test
Password: (ввод пароля)
su: Authentication service cannot retrieve authentication info.

В логах:
Mar 14 11:53:25 max pam_tcb[19136]: Credentials for user test unknown
Mar 14 11:53:25 max pam_tcb[19133]: su: Authentication failed for UNKNOWN USER 
from (uid=500)

Ещё

# id test
uid=1023(test) gid=1023(testgroup) groups=1023(testgroup)
# su - test
Account management:- Insufficient credentials to access authentication data
(Ignored)
/home/test not available; exiting

В логах:
Mar 14 11:52:47 max pam_tcb[19103]: su: Session opened for test by (uid=0)
Mar 14 11:52:47 max su[19103]: nss_ldap: reconnecting to LDAP server...
Mar 14 11:52:47 max su[19103]: nss_ldap: reconnected to LDAP server after 1 
attempt(s)
Mar 14 11:52:47 max pam_tcb[19103]: su: Session closed for test

Куда копать?
-- 
MaX