This bug is really an interaction between vixie-cron, openldap, and nss_ldap. It also applies to all previous versions of RHL with these packages; I'm filing it against Rawhide because I upgraded to the latest packages to make sure the bug wasn't already fixed. By default, crond is started at boot before the LDAP servers are. If LDAP is being used for passwd information (via nss_ldap), this means that when crond is started, user information is unavailable. When this happens, those users' crontabs are ignored, and the following lines show up in the cron log: foo (02/09-14:54:20-439) ORPHAN (no passwd entry) bar (02/09-14:54:20-439) ORPHAN (no passwd entry) bat (02/09-14:54:20-439) ORPHAN (no passwd entry) ("foo", "bar", and "bat" are hypothetical usernames). After this, no cron jobs owned by these users are run, even after the LDAP server starts. If cron is "kicked" (by someone installing a new crontab, or restarting the daemon, or whatever), then it will start executing users' crontabs again. I imagine this might apply to the use of NIS or other such lookup systems as well. I can think of three fixes, in increasing order of difficulty and robustness: 1. After booting and starting LDAP servers, make sure to kick cron somehow. 2. Change the startup order of cron and LDAP. (But are there other dependencies? All this stuff is in some order, presumably for a reason, but there aren't exactly any comments as to why, or what would break if the order were changed. A dependency system would be so much better than simple numeric priority, but that's another issue...) 3. Modify cron so that instead of looking up the user when a file is read in ("early binding"), it looks up the user when it's about to run a job ("late binding"). I haven't looked at that part of cron's code, I have no idea how hard this would be. Vixie-cron seems to be a little messy in general, so I'm not sure if it's a good idea to go messing with it.
Fixed in openldap-1.2.9-5, in next rawhide release.