Solaris 9 LDAP

Ok, I must be doing something tremendously wrong. I'm mucking about with
trying to set up a Sun ONE Directory Server 5.2 server to provide user
management functions. I'm having mixed results.
Once I've done the `directoryserver configure; idsconfig; ldapaddent`
stuff and add the pam_ldap.so.1 to /etc/pam.conf, I am able to log in
using users that exist only in the LDAP (but currently can't change
passwds - get "permission denied"). So, some success there.
However, some other oddities:
- If I add a user from the directory server console, I can't log in with
that user at all. Doing an LDAP search for the new user versus one
created via an ldapaddent of /etc/passwd, there appear to be several
differences in the associated records:
GOOD RECORD (`ldapaddent -f /etc/passwd passwd` created):
uid=jonesth1,ou=people,o=wsl.digex.com.kntr
cn=jonesth1
uidNumber=10100
gidNumber=100
gecos=Thomas H Jones II
homeDirectory=/home/jonesth1
loginShell=/bin/ksh
objectClass=posixAccount
objectClass=shadowAccount
objectClass=account
objectClass=top
uid=jonesth1
userPassword={crypt}yOnLXx68L26pE
shadowLastChange=11748
shadowFlag=0
BAD RECORD (console created):
uid=tinkerb,ou=People, o=wsl.digex.com.kntr
userPassword={crypt}eBC5RjZcoZwFg
givenName=Tinker
sn=Bell
telephoneNumber=240-264-2000
loginShell=/bin/ksh
gidNumber=204
uidNumber=44444
mail=tinkerb@wsl.digex.com
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetorgperson
objectClass=posixAccount
uid=tinkerb
gecos=Tinker Bell
cn=Tinker Bell
So, I also tried adding the user via the OS (non-LDAP*) command line
tools. The user got created into the local files, rather than the LDAP.
So, I'm guessing I need to use the ldapadd/ldapmodify tools?
Now, I thought that when I ran the idsconfig, it creates the proxy user with
sufficient privileges to do LDAP passwd changes. If this isn't the case,
what have I missed (I know, probably something simple)? I've been digging
through docs.sun.com, but I can't see straight any more.
-tom
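As an added example (not from the original post), a small Python script that parses the two records quoted above and lists what the console-created entry lacks compared with the working ldapaddent-created one; the required-attribute set and the posixAccount/shadowAccount pairing are assumed from RFC 2307, and the records are trimmed copies of the ones in the post.

```python
# Added example, not from the original post: parse the two records quoted
# above and list what the console-created entry lacks compared with the
# working ldapaddent-created one. Assumption: the MUST attributes and the
# posixAccount/shadowAccount pairing are taken from RFC 2307 (NIS schema).
from collections import defaultdict

RFC2307_MUST = {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}

def parse_record(text):
    """First non-empty line is the DN; the rest are attr=value (multi-valued)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    attrs = defaultdict(set)
    for ln in lines[1:]:
        name, _, value = ln.partition("=")
        attrs[name.lower()].add(value)  # LDAP attribute names are case-insensitive
    return lines[0], dict(attrs)

def login_problems(text):
    """Return sorted problems that would keep an RFC 2307 client from using the entry."""
    _, attrs = parse_record(text)
    classes = {c.lower() for c in attrs.get("objectclass", ())}
    problems = [f"missing objectClass {oc}" for oc in ("posixAccount", "shadowAccount")
                if oc.lower() not in classes]
    problems += [f"missing attribute {a}" for a in RFC2307_MUST if a.lower() not in attrs]
    return sorted(problems)

# Records constructed from the post (trimmed to the attributes that matter).
GOOD = """\
uid=jonesth1,ou=people,o=wsl.digex.com.kntr
cn=jonesth1
uidNumber=10100
gidNumber=100
homeDirectory=/home/jonesth1
objectClass=posixAccount
objectClass=shadowAccount
uid=jonesth1
shadowLastChange=11748
"""
BAD = """\
uid=tinkerb,ou=People, o=wsl.digex.com.kntr
gidNumber=204
uidNumber=44444
objectClass=top
objectClass=inetorgperson
objectClass=posixAccount
uid=tinkerb
cn=Tinker Bell
"""
```

Running `login_problems(BAD)` reports the missing shadowAccount class and the missing homeDirectory attribute, both of which the working record has.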