Symptom
When you click a user name at the Login Window, it skips the password dialog and briefly appears to be logging in. The window shakes (which normally indicates an incorrect password), and the system stays at the progress bar. To be able to log in as a local user after this occurs, you must force the computer to restart by pressing the power button, reset button, or appropriate keyboard shortcut as applicable to the computer model.
Solution
This happens specifically when the computer is an LDAP client and the Password attribute for users is not mapped for the LDAP directory service being used. Some LDAP servers do not store the user password in Directory Services. If the Password attribute for users is not mapped, login is attempted without a password and thus cannot succeed.
Follow the steps below at each affected client computer. To log in to an affected computer, select a local administrator account at the Login Window, not an LDAP user account. After logging in, follow these steps:
1. Open Directory Access (/Applications/Utilities/).
2. Click the Lock button to authenticate.
3. Select LDAPv3.
4. Click Configure.
5. Select the relevant LDAP configuration from the list.
6. Click Edit.
7. Click the "Search and Mappings" tab.
8. Click the disclosure triangle next to Users.
9. Scroll down to the Password attribute, and select it.
10. Click the rightmost Add button. (This should reveal a text field with a blinking cursor in the field beneath "Map to <menu> items in list".)
11. Type: #********
12. Click OK.
13. Quit Directory Access.