When a system uses pam_ldap and nss_ldap, and the iptables rules contain -m owner, iptables fails to start at reboot. The iptables-restore script cannot find users' uids until slapd starts. The solution is to add "use slapd" in the depend() section of /etc/init.d/iptables.

Reproducible: Couldn't Reproduce
reassigning to bug-wranglers
Adding a dependency on slapd won't help if you use a remote LDAP server.
How is this an LDAP problem? If the LDAP server is remote, you still get the same problem. Change your iptables rules to use numeric uids maybe?
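
An added example, not part of the bug report or its comments: one way to apply the numeric-uid suggestion above is to rewrite the names in `--uid-owner`/`--gid-owner` matches to numeric ids once, while the directory is reachable, so that loading the rules at boot needs no NSS/LDAP lookup. The function name `numeric_owner_rules`, the `demo` helper and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: replace user/group names in --uid-owner/--gid-owner matches
# with numeric ids so restoring the rules does not depend on name resolution.
# usage: numeric_owner_rules PASSWD_DB GROUP_DB < rules > rules.numeric
# PASSWD_DB/GROUP_DB: passwd(5)/group(5)-format files, e.g. the saved output
# of `getent passwd` and `getent group` taken while LDAP is reachable.
# Exit status is non-zero if any name could not be resolved.
numeric_owner_rules() {
    awk -v pw="$1" -v gr="$2" '
    BEGIN {
        FS = ":"
        while ((getline < pw) > 0) id["--uid-owner", $1] = $3
        while ((getline < gr) > 0) id["--gid-owner", $1] = $3
        FS = " "
    }
    {
        for (i = 1; i < NF; i++) {
            opt = $i; name = $(i + 1)
            if (opt != "--uid-owner" && opt != "--gid-owner") continue
            if (name ~ /^[0-9]+(-[0-9]+)?$/) continue   # already numeric
            if ((opt, name) in id) $(i + 1) = id[opt, name]
            else { print "unresolved " opt " " name > "/dev/stderr"; bad = 1 }
        }
        print
    }
    END { exit bad + 0 }'
}

demo() {   # constructed sample data; account names and ids are made up
    d=$(mktemp -d) || return 1
    printf 'alice:x:1001:100::/home/alice:/bin/sh\n' > "$d/passwd"
    printf 'staff:x:50:\n' > "$d/group"
    printf '%s\n' '*filter' \
        '-A OUTPUT -m owner --uid-owner alice -j ACCEPT' \
        '-A OUTPUT -m owner --gid-owner staff -j ACCEPT' \
        '-A OUTPUT -m owner --uid-owner 0 -j ACCEPT' 'COMMIT' |
        numeric_owner_rules "$d/passwd" "$d/group"
    rc=$?; rm -rf "$d"; return $rc
}

# Run the constructed sample only when asked: sh thisfile demo
if [ "${1:-}" = demo ]; then demo; fi
```

A non-zero exit status means at least one rule still carries a name and would fail to load without the directory service.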