Comment 1 for bug 317307

Finding references to /etc/passwd and replacing with genent calls helps (see attached diff).

However the use of /sbin/unix_chkpwd for password verification will apparently fail for LDAP due to the ordering in /etc/pam.d/common-password (pam_unix first, then pam_ldap). You can use --loginpass to bypass this issue.

http://osdir.com/ml/linux.pam/2007-04/msg00008.html