When logging in as root you must skip the first 2 prompts.
This is because the entries in /etc/pam.d/common-auth are:
auth sufficient pam_ldap.so
auth sufficient pam_opie.so
auth required pam_unix.so nullok_secure
When you log in as root there is no root entry in ldap, so the first attempt will fail. For the second prompt you need a one time password. The third prompt will check /etc/shadow, so this is when to enter the password.