Matt John wrote:
For a bit more context, we are in a university environment where central IT hold users' passwords. Our department then has its own LDAP server for storing Linux home directory mount information and the groups. In an ideal scenario our LDAP server would be checked first, and if authentication fails the central IT LDAP server should be queried.
Password authentication is *not* getent passwd.
If all your posixAccount user entries are in your own "autofs" directory I'd look into simply chaining the password checking to the central LDAP directory. The technical options depend on your LDAP server used.
Ciao, Michael.