Using the "Steps to verify" as given in the earlier comment, the following results are seen:

1. With ldap_sasl_canonicalize = False (default settings), lookup and auth ldap user works fine.

2. With ldap_sasl_canonicalize = True, lookup and auth fails with error "GSSAPI Error: An invalid name was supplied (Hostname cannot be canonicalized)"


Verified in version:
# rpm -qi sssd | head
Name        : sssd                         Relocations: (not relocatable)
Version     : 1.5.1                             Vendor: Red Hat, Inc.
Release     : 47.el5                        Build Date: Tue 13 Dec 2011 08:49:10 AM EST
Install Date: Mon 02 Jan 2012 02:03:05 AM EST      Build Host: x86-007.build.bos.redhat.com
Group       : Applications/System           Source RPM: sssd-1.5.1-47.el5.src.rpm
Size        : 3679892                          License: GPLv3+
Signature   : DSA/SHA1, Wed 14 Dec 2011 12:17:11 PM EST, Key ID fd372689897da07a
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://fedorahosted.org/sssd/
Summary     : System Security Services Daemon

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0164.html