Jason,
Your ldap search and results look odd to me. If you were trying to find the entry with objectClass of posixAccount and uid of cfernandez and retrieve the attributes of userPassword and sn3, the search should look something like this
ldapsearch -x -b dc=consultia,dc=biz -h yourhost "(&(objectClass=posixAccount)(uid=cfernandez))" userPassword sn3
Then your output will look like this
# LDAPv3 # base
with scope sub # filter: (&(objectclass=posixAccount)(uid=cfernandez)) # requesting: userPassword sn3
OK, so far so good. One thing, though. Your output
# bogus, management, mydomain.org dn: uid=bogus,ou=sales,dc=mydomain,dc=org homeDirectory: /home/bogus
[etc] echoes all the fields, however, even when I request all of them as you do, return none. This is a bit strange, since cibeles:~ # getent passwd cfernandez:x:1000:100:Carlos Fernandez:/home/cfernandez:/bin/bash i.e. at least the home and the shell are stored correctly.... why doesn't ldapsearch display them? And why getent finds the user but when I try cibeles:~ # su - cfernandez su: user cfernandez does not exist BTW the LDAP log after this is: Dec 13 21:10:20 cibeles slapd[17011]: conn=145 fd=18 ACCEPT from IP=127.0.0.1:34317 (IP=0.0.0.0:389) Dec 13 21:10:20 cibeles slapd[17011]: conn=145 op=0 BIND dn="" method=128 Dec 13 21:10:20 cibeles slapd[17011]: conn=145 op=0 RESULT tag=97 err=0 text= Dec 13 21:10:20 cibeles slapd[17011]: conn=145 op=1 SRCH base="dc=consultia,dc=biz" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=cfernandez))" Dec 13 21:10:20 cibeles slapd[17011]: conn=145 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Dec 13 21:10:20 cibeles slapd[17011]: conn=145 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Dec 13 21:10:20 cibeles slapd[17011]: conn=145 fd=18 closed Thanks.