Ldap users (after ldap config) in chef run

I have a base role that configures ldap on the client and cycles the
nscd daemon. Later in that role I try to create some directories
using “owner” and “group” from these ldap accounts. It always fails on
the first pass through. If I run it again, it will work fine.

I suspect that the chef run cannot yet see these accounts until after
the chef run is complete. If I run 'getent passwd | grep account’
right after the chef run, I can indeed see the account.

Anyone have any idea how to deal with ldap account changes within a chef
run? Does ohai need to be rerun in the middle of the run somehow?