>Does anyone have any mods to use LDAP to store the auth_to_local
>database?


Somewhere or another I've got patches allowing this to be deferred to a daemon that's contacted through a Unix socket (library provides principal and username, dameon says yes or no). I never really got past prototyping this as a proof of concept, and we've never got round to using it in production, but I can dig out the code if anyone is interested. In the case you're discussing it would allow the LDAP lookups to be performed 'out-of-process'.

S.