The issue is that libnss-ldap is ending up with a dependency on __libc_lock_lock, which was removed from glibc.
So anything that tries to load libnss-ldap via nsswitch ends up getting a NULL for the library load, and then behaves poorly. There is a patch at https://github.com/archlinuxarm/PKGBUILDs/blob/master/extra/nss_ldap/nss_ldap-265-glibc-2.16.patch that fixed the problem for me. I had to edit it slightly to get along with the log_authpriv patch. A few other thoughts: * It might be nice to build nss-ldap with -Wimplicit -Werror or something along those lines. FTBFS is much better than fail-to-boot. * 'sudo' just crashes on null pointer dereference; 'su' complains about the link error. It'd be much better if the client apps would just ignore the missing nsswitch module.