Template: libpam-ldapd/enable_shadow Type: boolean Default: true _Description: Enable shadow lookups through NSS? To allow LDAP users to log in, the NSS module needs to be enabled to perform shadow password lookups. The shadow entries themselves may be empty - that is, there is no need for password hashes to be exposed. See http://bugs.debian.org/583492 for background. . Please choose whether /etc/nsswitch should have the required entry added automatically (in which case it should be reviewed afterwards) or whether it should be left for an administrator to edit manually.