diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files.ldap-auth	2005-11-20 21:28:07.000000000 -0700
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/nsswitch.conf/10files	2010-11-01 08:23:30.000000000 -0600
@@ -1,6 +1,6 @@
-passwd:     files
-shadow:     files
-group:      files
+passwd:     { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' }
+shadow:     { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' }
+group:      { ($ldap{Authentication} || 'disabled') eq 'enabled' ? 'files ldap' : 'files' }
 hosts:      { ($AccessType eq "off") ? "files" : "files dns" }
 services:   files
 networks:   files
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth.ldap-auth	2008-03-26 10:49:00.000000000 -0600
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/20auth	2010-11-01 08:31:11.000000000 -0600
@@ -10,5 +10,10 @@ auth        required      pam_env.so
     $OUT .= "auth        required      pam_abl.so config=/etc/security/pam_abl.conf";
 }
 auth        sufficient    pam_unix.so likeauth nullok
+{
+    my $status = $ldap{Authentication} || 'disabled';
+    return unless $status eq 'enabled';
+    $OUT .= "auth        sufficient    pam_ldap.so use_first_pass";
+}
 auth        required      pam_deny.so
 
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account.ldap-auth	2008-03-26 10:49:00.000000000 -0600
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/30account	2010-11-01 08:27:52.000000000 -0600
@@ -1,5 +1,10 @@
 account     required      pam_unix.so broken_shadow
 account     sufficient    pam_succeed_if.so uid < 100 quiet
+{
+    my $status = $ldap{Authentication} || 'disabled';
+    return unless $status eq 'enabled';
+    $OUT .= "account     [default=bad success=ok user_unknown=ignore]      pam_ldap.so";
+}
 account     required      pam_permit.so
 {
     my $status = $pam_tally{status} || 'disabled';
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password.ldap-auth	2008-03-26 10:49:00.000000000 -0600
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/40password	2010-11-01 08:30:37.000000000 -0600
@@ -1,3 +1,8 @@
 password    sufficient    pam_unix.so nullok md5 shadow
+{
+    my $status = $ldap{Authentication} || 'disabled';
+    return unless $status eq 'enabled';
+    $OUT .= "password    sufficient    pam_ldap.so use_authtok";
+}
 password    required      pam_deny.so
 
diff -up e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session.ldap-auth e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session
--- e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session.ldap-auth	2008-03-26 10:49:00.000000000 -0600
+++ e-smith-base-5.2.0/root/etc/e-smith/templates/etc/pam.d/system-auth/50session	2010-11-01 08:30:19.000000000 -0600
@@ -1,2 +1,7 @@
 session     required      pam_limits.so
 session     required      pam_unix.so
+{
+    my $status = $ldap{Authentication} || 'disabled';
+    return unless $status eq 'enabled';
+    $OUT .= "session     optional      pam_ldap.so";
+}

diff -up e-smith-base-5.2.0/createlinks.enable-cpu e-smith-base-5.2.0/createlinks
--- e-smith-base-5.2.0/createlinks.enable-cpu	2010-11-01 10:00:03.000000000 -0600
+++ e-smith-base-5.2.0/createlinks	2010-11-01 10:01:53.000000000 -0600
@@ -311,7 +311,6 @@
 templates2events("/etc/smartd.conf", $event);
 templates2events("/home/e-smith/ssl.pem/pem", $event);
 event_link("rmmod-bonding", $event, "10");
-event_link("user-lock-passwd", $event, "15");
 event_link("set-hostname", $event, "10");
 event_link("conf-modules", $event, "30");
 event_link("conf-startup", $event, "60");
@@ -319,6 +318,14 @@
 event_link("init-reload", $event, "90");
 event_link("reset-unsavedflag", $event, "95");
 
+#--------------------------------------------------
+# actions for bootstrap-ldap-save
+#--------------------------------------------------
+$event = "bootstrap-ldap-save";
+
+templates2events("/etc/nsswitch.conf", $event);
+templates2events("/etc/pam.d/system-auth", $event);
+event_link("user-lock-passwd", $event, "15");
 
 #--------------------------------------------------
 # actions for group-create event