Mac OS X Lion fails to check passwords when authenticating via LDAP
A bug in the module for authenticating (Open)LDAP under Mac OS X 10.7.x Lion can result in any password being accepted during log-in – all that's required is a valid user name. The problem occurs when logging in both via a graphical interface on a client and over the web via SSH on a server. Lion does not use LDAP to log-in by default; LDAP authentication tends to be used in large infrastructures for centralised user administration (name, password, group, etc.).
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump