
LDAP MD5 Cert Error on RHEL/CentOS 6.4+

With the update to nss-3.14.0 (shipped in RHEL/CentOS 6.4) NSS stopped accepting certificates signed with MD5, because an MD5 signature is no longer considered secure: collisions for MD5 are practical, so an MD5-signed certificate can be forged. The OpenLDAP client libraries on RHEL 6 are built against NSS, so any client that authenticates users over LDAP with TLS (sssd, nss-pam-ldapd, pam_ldap) fails the TLS handshake when the server's certificate chain is signed with MD5, and user logins via LDAP stop working. There are four ways to deal with this problem. Only the first is a real fix; the other three re-enable a hash that NSS disabled on purpose and should be treated as a stopgap until the certificate is replaced.

1) re-issue the LDAP server certificate (and any CA certificate in its chain that is not itself a trust anchor) with a SHA-256 signature instead of MD5. This is the only option that removes the problem rather than the check. The issue is the hash used in the certificate's signature, not the key type or the TLS cipher, so the key pair itself does not have to be regenerated

2) add an NSS environment override to each kernel line in /etc/grub.conf and also create nss.sh in /etc/profile.d

in /etc/grub.conf add to the end of each kernel line
systemd.setenv=NSS_HASH_ALG_SUPPORT=+MD5

in /etc/profile.d create nss.sh with
export NSS_HASH_ALG_SUPPORT=+MD5

REBOOT

Caveat: RHEL/CentOS 6 boots with Upstart, not systemd, so the systemd.setenv= kernel parameter is only honoured on systemd-based releases (Fedora, RHEL 7). The /etc/profile.d script is read by login shells only, so it covers interactive tools such as ldapsearch but not daemons started at boot; for those use option 3.

3) export the variable from /etc/sysconfig/init

in /etc/sysconfig/init add
export NSS_HASH_ALG_SUPPORT=+MD5

REBOOT

/etc/sysconfig/init is sourced by /etc/rc.d/init.d/functions, so every SysV init script on RHEL 6, and with it sssd, nslcd or whichever LDAP client daemon you run, inherits the variable. Only processes started after the change see it, hence the reboot (restarting the affected services is enough if you prefer). To confirm the override reached a daemon, look for NSS_HASH_ALG_SUPPORT in that daemon's /proc/<pid>/environ rather than in your own shell.

4) downgrade the nss packages to 3.13 and add an exclusion to /etc/yum.conf so that yum does not upgrade to nss 3.14 or later. nss, nss-tools, nss-sysinit and nss-util need to be downgraded together

yum downgrade nss nss-tools nss-sysinit nss-util

Add to /etc/yum.conf
exclude=nss*

REBOOT

yum downgrade only works while the 3.13 packages are still available in an enabled repository or in the yum cache. Be aware that exclude=nss* also blocks every future NSS security update, not just the MD5 change, so this is the worst of the four options and the exclusion should be removed as soon as the certificate has been replaced.
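Two checks a practitioner wants before and after applying any of the options above: which hash actually signs the LDAP server's certificate (so you know whether option 1 is needed and when it is done), and whether the NSS_HASH_ALG_SUPPORT override from options 2 and 3 really reached the running daemon rather than just your login shell. The script below is an added example and is not part of the original post. It assumes openssl is installed, that the server speaks TLS directly on port 636 (the hostname is a placeholder), and that the two certificate text dumps embedded in it are constructed sample data; the classification goes slightly beyond the post by also flagging SHA-1, which is deprecated for certificate signatures as well.

```shell
#!/bin/sh
# Added example (not from the original post): find out whether an LDAP
# server's certificate is signed with MD5, which nss >= 3.14 rejects, and
# verify that the NSS_HASH_ALG_SUPPORT workaround reached a running daemon.
# Needs only openssl (for the live check), awk, tr and grep.
# Hostnames, PIDs and the certificate dumps below are constructed sample data.

# Pull the server certificate over LDAPS and render it as text.
# Assumes TLS on 636; STARTTLS on 389 is not handled here.
fetch_cert_text() {
    host=$1; port=${2:-636}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -text
}

# Extract the signature algorithm from `openssl x509 -noout -text` output.
# The dump names it twice (inside the TBS certificate and again for the
# outer signature); the first occurrence is enough, so stop there.
sig_algo_of() {
    printf '%s\n' "$1" | awk '/Signature Algorithm:/ { print $3; exit }'
}

# Classify the signature hash. MD5 is what nss 3.14 switched off; SHA-1
# certificates are deprecated too, so they are flagged while we are at it.
classify_sig() {
    case "$(sig_algo_of "$1")" in
        md5*)                    echo "md5-rejected-by-nss-3.14" ;;
        sha1*)                   echo "sha1-deprecated" ;;
        sha256*|sha384*|sha512*) echo "ok" ;;
        *)                       echo "unknown" ;;
    esac
}

is_md5_signed() {
    [ "$(classify_sig "$1")" = "md5-rejected-by-nss-3.14" ]
}

# Check whether a process really runs with NSS_HASH_ALG_SUPPORT=+MD5.
# /etc/profile.d only affects login shells; a daemon such as nslcd or sssd
# started at boot has to be inspected through its own /proc/<pid>/environ,
# which is NUL-separated, hence the tr.
environ_has_md5_override() {
    tr '\0' '\n' < "$1" | grep -q '^NSS_HASH_ALG_SUPPORT=.*+MD5'
}

daemon_has_md5_override() {
    environ_has_md5_override "/proc/$1/environ"
}

# Constructed sample dumps in the shape `openssl x509 -noout -text` prints.
SAMPLE_MD5_CERT_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
    Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=Example LDAP CA
        Subject: CN=ldap.example.com
    Signature Algorithm: md5WithRSAEncryption'

SAMPLE_SHA256_CERT_TEXT='Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4097 (0x1001)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=Example LDAP CA
        Subject: CN=ldap.example.com
    Signature Algorithm: sha256WithRSAEncryption'

# Demonstration on the constructed dumps; pass a hostname (and optional port)
# on the command line to classify a live server's certificate instead.
echo "md5 sample:    $(sig_algo_of "$SAMPLE_MD5_CERT_TEXT") -> $(classify_sig "$SAMPLE_MD5_CERT_TEXT")"
echo "sha256 sample: $(sig_algo_of "$SAMPLE_SHA256_CERT_TEXT") -> $(classify_sig "$SAMPLE_SHA256_CERT_TEXT")"
if [ -n "${1:-}" ]; then
    live=$(fetch_cert_text "$1" "${2:-636}") && echo "$1: $(classify_sig "$live")"
fi
```

fetch_cert_text only looks at the leaf certificate; NSS verifies the signature on every certificate up to the trust anchor, so an MD5-signed intermediate CA breaks the handshake just as an MD5-signed leaf does. Feed each certificate that `openssl s_client -showcerts` prints through sig_algo_of to cover the whole chain. After a reboot with option 3 in place, `daemon_has_md5_override $(pidof nslcd)` (or the sssd_be PID) tells you whether the override is actually in effect for the daemon doing the LDAP binds.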

jlim0930
