[root@skip /]# cat /etc/redhat-release
Red Hat Enterprise Linux AS release  4  (Nahant Update  1 )
[root@skip /]# su - oracle
su: incorrect password
/etc/ldap.conf
.......
host  127 . 0 . 0 . 1 
# The distinguished name of the search base.
base dc=us,dc=oracle,dc=com
.........
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

[root@skip etc]# cat pam.d/system-auth
#%PAM- 1 . 0 
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
#auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid <  100  quiet
#account     [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry= 3 
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
#password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
#session     optional      /lib/security/$ISA/pam_ldap.so