User unable to login via CAC or LDAP

Article ID: 401748

Products

Security Analytics

Issue/Introduction

LDAP authentication stopped allowing new logins.  It had been working previously.

Environment

Common Access Card (CAC) authentication is based on responses from an LDAP server

Cause

The LDAP server was not available. Entries in /var/log/messages showed "dsldapad: dsldapad: LDAP ERROR - Can't contact LDAP server". These can be found by running:

    grep LDAP /var/log/messages

Resolution

The LDAP server configured in the authentication configuration had changed. The same symptoms will occur if the LDAP server is no longer available. Verify that the authentication process dsldapad cannot see the LDAP server, and contact the LDAP administrators about any changes. The failure might also be caused by a network disconnect at the firewall.
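
When contacting the LDAP administrators or the firewall team, it helps to know when the errors began. The following is an added example, not part of the original article or the product's tooling, that summarises the dsldapad errors quoted above by first occurrence, last occurrence, and hour. The function names, the host name sa-host and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise dsldapad "Can't contact LDAP server" entries
# in a syslog-format file such as /var/log/messages.

# Write constructed sample log lines (not taken from a real system) to $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  4 08:59:41 sa-host systemd: Started Session 12 of user admin.
Mar  4 09:02:17 sa-host dsldapad: dsldapad: LDAP ERROR - Can't contact LDAP server
Mar  4 09:02:47 sa-host dsldapad: dsldapad: LDAP ERROR - Can't contact LDAP server
Mar  4 09:31:05 sa-host dsldapad: dsldapad: LDAP ERROR - Can't contact LDAP server
Mar  4 10:04:12 sa-host crond: (root) CMD (run-parts /etc/cron.hourly)
Mar  4 10:05:30 sa-host dsldapad: dsldapad: LDAP ERROR - Can't contact LDAP server
EOF
}

# Print the error count, the first and last timestamps, and a per-hour
# breakdown, so the start of the outage can be matched against LDAP or
# firewall change records.
ldap_outage_summary() {
    awk '
        # "Can.t" matches the apostrophe without breaking shell quoting.
        /dsldapad:/ && /LDAP ERROR - Can.t contact LDAP server/ {
            ts = $1 " " $2 " " $3
            if (n == 0) first = ts
            last = ts
            n++
            hour = $1 " " $2 " " substr($3, 1, 2) ":00"
            if (!(hour in seen)) { seen[hour] = 1; order[++k] = hour }
            count[hour]++
        }
        END {
            printf "errors=%d\n", n
            if (n > 0) {
                printf "first=%s\nlast=%s\n", first, last
                for (i = 1; i <= k; i++) printf "%s %d\n", order[i], count[order[i]]
            }
        }
    ' "$1"
}
```

On the appliance, call ldap_outage_summary /var/log/messages; rotated log files can be passed the same way to look further back.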