Matt John wrote:
For a bit more context we are in a university environment where
hold users passwords. Our department then has it's own ldap server for storing
linux home directory mount information and the groups. In an ideal scenario
our ldap server would be checked first and if authentication fails the central
IT ldap server should be queried.
Password authentication is *not* getent passwd.
If all your posixAccount user entries are in your own "autofs" directory I'd
look into simply chaining the password checking to the central LDAP directory.
The technical options depend on your LDAP server used.