I am trying to configure my Red Hat AS 4.2 box to authenticate users using LDAP. More specifically, I only want to verify the user's password using LDAP, the accounts are local. As far as I can tell then system is performing the LDAP bind during the login process; using tcpflow I can see the LDAP information passed to the server. Unfortunately, I cannot tell what is really going on. Even though I have 'debug' option enabled in the pam config file, the logs do not show any pam_ldap activity. Below is a snippet from the sshd pam config with LDAP: #LDAP auth sufficient pam_ldap.so use_first_pass debug auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth ... Originally, I was getting a LDAP bind error in /var/log/messages. After fixing ldap.conf and verifying the settings using ldapsearch, I no longer see the error. However, I don't see an specific pam_ldap errors in any of my logs now. I have done some searching and found a few news group posts with some sample logs. It looks like there is a way to enable more verbose logging: Dec 8 10:04:43 linux29 login[2063]: pam_ldap: error trying to bind as user "cn=Linux29,ou=SER,ou=KLK,o=EK" (Invalid credentials) There is a debug option in ldap.conf, but that just created a log file with output similar to running ldapsearch with the debugging option. Hopefully someone can point me to the debugging option so that my logs are a bit more helpful in troubleshooting this issue. thanks, John