Translations:Centralized authentication using OpenLDAP/75/en

If you noticed one of the lines you pasted into your was commented out (the   line): you don't need it unless you want to change a user's password as superuser. In this case you need to echo the root password to in plaintext. This is DANGEROUS and should be chmoded to 600. What you might want to do is keep that file blank and when you need to change someone's password that's both in the LDAP and, put the pass in there for 10 seconds while changing the users password and remove it when done.