The problem seems to be that ldap users are not allowed to login when using 
kdm/xdm
Using the console they seem to be able to log in correctly, so I don't think 
the problem is how I have pam and ldap set up. Also the icons for the ldap 
users show up properly in kdm.

The error output produced from xdm is

Verifying ben
getspnam() failed, errno=0. Are you root?
passsword verify failed

the versions of the packages are
xfree-4.2.0-r9
pam_ldap-134
nss-ldap-174
pam-0.75-r6

and my pam files

/etc/pam.d/xdm
#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

/etc/pam.d/system-auth
#%PAM-1.0
 
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       sufficient   /lib/security/pam_ldap.so use_first_pass
auth       required     /lib/security/pam_deny.so
 
account    required     /lib/security/pam_unix.so
account    required     /lib/security/pam_ldap.so
 
password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow use_authtok
password   sufficient   /lib/security/pam_ldap.so use_authok
password   required     /lib/security/pam_deny.so
 
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so
session    optional     /lib/security/pam_ldap.so

--snip of /etc/nsswitch.conf --
passwd: files ldap
shadow: files ldap
group: files ldap
--
and my make.conf has USE="ldap"
and my make.defaults contains pam