Each time an LDAP user logs in successfully, the system caches that password for that user. If the LDAP server is unreachable, then the system lets the users in with that last successful password.

However, if the user has never logged in before and are in an LDAP enabled role, then they will not be able to log in. There is no way around this, if the user has never logged in.